Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] Most common (or Most important) privacy leaks



On 02/17/2015 12:51 PM, Kent Borg wrote:
> I think the only way to fix the password problem is to get people to
> discard security theater and think and understand and be disciplined.
> But if you can fix the password problem, I think the next problems
> ~start~ to fix themselves.
>
> But I don't know, because everyone does passwords wrong.

Most of the people I want to "think and understand" are actually the 
people running systems that need passwords and coming up with obnoxious 
requirements for passwords that essentially force you to write 
everything down.  You can make people choose good passwords, but you 
can't make them have good habits.

The only way to solve the password problem is to do away with them. 
There are all manner of physical tokens that can be used (SecurID, 
SmartCards, etc.) in conjunction with a "something you know"/PIN that can
actually be memorized.

Apparently this isn't so far-fetched.  Banks in Germany (and now some in
the US) give their customers SecurID tokens to use for login and ACH 
transfers.

I would love if there were a way to marry OpenID with 
SmartCards/certificates... (maybe there is, I haven't paid much 
attention to OpenID in a while)

Matt



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org