[Discuss] Most common (or Most important) privacy leaks
Matthew Gillen
me at mattgillen.net
Tue Feb 17 13:29:55 EST 2015
On 02/17/2015 12:51 PM, Kent Borg wrote:
> I think the only way to fix the password problem is to get people to
> discard security theater and think and understand and be disciplined.
> But if you can fix the password problem, I think the next problems
> ~start~ to fix themselves.
>
> But I don't know, because everyone does passwords wrong.

Most of the people I want to "think and understand" are actually the
people running systems that need passwords and coming up with obnoxious
requirements for passwords that essentially force you to write
everything down. You can make people choose good passwords, but you
can't make them have good habits.

The only way to solve the password problem is to do away with them.
There are all manner of physical tokens that can be used (SecurID,
SmartCards, etc.) in conjunction with a "something you know"/PIN that can
actually be memorized.

Apparently this isn't so far-fetched. Banks in Germany (and now some in
the US) give their customers SecurID tokens to use for login and ACH
transfers.

I would love if there were a way to marry OpenID with
SmartCards/certificates... (maybe there is, I haven't paid much
attention to OpenID in a while)

Matt