According to this page, Dreamwidth wants your LJ password. Soliciting passwords used on competing sites is vastly worse than even LJ's crossposting of comments on locked posts.
I get the impression from this discussion that there's some way to crosspost using OpenID, which doesn't require giving away any passwords (though it strikes me as very prone to user error and spoofing). Is that what you're using?
That's the problem; you can't know what they'll do with your password, in this case or in general. There's never a good reason to give a third-party password to a website. Look up "Quechup" for the kind of things they can do with them.
They store a hashed version of the password-- I'm not sure if that means they can't recover it, but at least it means they're less likely to lose it by accident.
If I don't think I can trust someone with a password, I'm not going to trust their assurances that that they won't keep it.
Honestly, I'm more likely to trust Dreamwidth with my password than Livejournal, but that's a personal preference based on my experiences with both communities and how the operators interact with the users.
A developer answers the question here: http://dw-news.dreamwidth.org/24656.html?thread=2859088#cmt2859088
"If you select the 'save password' option, then DW saves an encrypted version of the password. Now, because of the way LJ passwords work, that encrypted password is sufficient to get full access to your account. But it does mean that if, say, you use that same password for other things, then nobody would be able to get from the encrypted version to the plaintext password.
You can also choose not to save your password, in which case you'll be asked for your LJ password every time you crosspost. In that case, all the DW servers ever get is a one-time authentication token."
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
zvi and
no subject
Date: 2010-09-08 11:01 am (UTC)According to this page, Dreamwidth wants your LJ password. Soliciting passwords used on competing sites is vastly worse than even LJ's crossposting of comments on locked posts.
I get the impression from this discussion that there's some way to crosspost using OpenID, which doesn't require giving away any passwords (though it strikes me as very prone to user error and spoofing). Is that what you're using?
no subject
Date: 2010-09-08 01:29 pm (UTC)I'm not the best person to ask about the details of DW.
no subject
Date: 2010-09-08 02:36 pm (UTC)no subject
Date: 2010-09-08 04:04 pm (UTC)They realized this was an issue early on and worked around it: http://dw-news.dreamwidth.org/7298.html
It was resolved here: http://dw-news.dreamwidth.org/16019.html
no subject
Date: 2010-09-09 11:52 am (UTC)If I don't think I can trust someone with a password, I'm not going to trust their assurances that that they won't keep it.
no subject
Date: 2010-09-09 01:57 pm (UTC)no subject
Date: 2010-09-09 04:51 pm (UTC)"If you select the 'save password' option, then DW saves an encrypted version of the password. Now, because of the way LJ passwords work, that encrypted password is sufficient to get full access to your account. But it does mean that if, say, you use that same password for other things, then nobody would be able to get from the encrypted version to the plaintext password.
You can also choose not to save your password, in which case you'll be asked for your LJ password every time you crosspost. In that case, all the DW servers ever get is a one-time authentication token."