I can already sign into a website from my browser

Once hackers realise people are using ~4 random words for a password the entropy will decrease hugely.

I think you've got it backwards: the entropy calculation here assumes that the attacker already knows the scheme. The 2^44 possible passwords are therefore a lower boundary for the entropy.

In practice the attacker must cast a wider net because he doesn't know exactly which word list you use, or if you are using a completely different password scheme. This increases the difficulty.

Obviously a fun sort of question, as it's highly dependant on your niche etc, but a lot of people seem to throw around relative traffic terms without quantifying it which is very misleading imo.

It IS ok for them to dress like shit if they are all happy.

Men in my country at least are just generally more interested in tech. A big population of males who are interested in tech will naturally lead to a heavily weighted male populous of proficient tech people. I don't get why this is sexist it's just fact. I don't see much that needs to be fixed.

If there is discrimination in the hiring process though, yes that needs to be addressed. However that's not the angle the article is taking.

Hiring a woman because you don't have many women in the work place isn't optimal.

Are Google going to be interested in SEO? Anyway, good luck!

Would people be happy for banks to use the same security for your account? Because that's what people seem to be arguing when they say it's perfectly safe/secure. This is in regards to the obscure URL being the entry point to the account not to do with BC itself.

Erm... that's the public part of a public-key pair. It's as secure as any other modern public-key crypto out there (plus or minus a few digits). Any transactions are signed.

No, in the case the problem is that the URL is essentially the private key!

You're missing something, but I'm not sure what... Addresses are always public knowledge, along with all transactions between them. Who owns the address, on the other hand, is usually not advertised: but in this case Instawallet is claiming and endorsing their address to allow for instant payments on your behalf.

I can't tell how this diminishes security, assuming the normal practice of using one-time receiving addresses is still used. EDIT: And assuming you are comfortable having a middleman like Instawallet involved.

Well just think, if your bank used the same security measures how would you feel about it?

After reading this and all of eli's posts below, I believe this is referring to the way Instawallet works, and not the "green address" system. But to both of you: WTF, be more specific. It sounds precisely like you're referring to the use of a single bitcoin address as being some horribly insecure concept, and somehow relating to a URL in a way that makes no sense.

Instawallet (appears like it) works by giving you a bitcoin address, and a unique URL which gives you access to send money from that address. From that perspective, I agree: horrible, horrible idea for safety purposes. Bookmarks rarely (ever?) have secure storage.

I'm not sure why my comment got down voted so much, my point is if a obscure web address is the only line of security it is terrible, especially as they recommend you to bookmark the address in your tool bar. The point is it might look great and secure at first, all it takes is a small mistake from one of many angles and it's done for. Examples of mistakes, people posting their urls, people being tricked into posting their urls, shared computers with bookmarks, the webmaster accidently installing a sitemap script which indexes them all etc.

I think it got voted down because it has nothing to do with the forum post. The post talks about a "green address" system, not their strange techniques for security, and your comment makes no distinction. I had no idea what you were talking about until a couple hours and several similarly-cryptic comments later, and going to Instawallet's site and seeing it for myself.

The address isn't obscure, it's right there.

A collision is a collision. If you are uncomfortable relying on the sender address you should be just as uncomfortable about an attacker taking over your own wallet.

You know what BitCoins themselves are too, right? Huge in this case is effectively infinite.

Yeah but URLs are not intended to secure data. They tend to leak out in unexpected ways.

Did you know Google will still index URLs prohibited by robots.txt if it finds a link to them (it just won't crawl them)?

Certainly, putting this URL on a page for other people to read is a very bad idea -- like tossing your (physical) wallet out your car window.

The intent of the URL is that you should bookmark it and otherwise keep it private.

Unless you know of some way for an attacker to get at the browser's bookmark list (which I'd be interested to know about; I'm certainly not enough of an expert to be sure that no such attack exists) then this seems fairly secure.

The tossing your physical wallet out the window analogies are tired and false. When does your wallet ever have thousands of dollars in it? Some naive BC users had huge % of their net worth in BC then got punished for it in various ways.

Did you mistakeningly post this here? Why aee you bringing up URLs?

The way the site works the URL is the password. The wallet is secured entirely via no one else knowing your URL string.

Why are you bringing up URLs? Noone else knowing your URL string makes your wallet secure?

The parent comment was referring to the URL when he/she said "address". You obviously haven't actually tried the linked service.

I have tried the service and I also understand bitcoin to a certain extent. That is why I recognize that "address" in this context is not a URL but a bitcoin wallet ID or address.

I find it hard to believe companies pay Google $55 per click and that is in any way profitable for them. There must be more +EV opportunities out there for advertising. But I'm probably mistaken as usual.