BLU Discuss list archive
[Discuss] Most common (or Most important) privacy leaks
- Subject: [Discuss] Most common (or Most important) privacy leaks
- From: kentborg at borg.org (Kent Borg)
- Date: Tue, 17 Feb 2015 14:08:30 -0500
- In-reply-to: <54E388A3.9080608@mattgillen.net>
- References: <BN3PR0401MB12046B091F0FA6E67DDB34A2DC2F0@BN3PR0401MB1204.namprd04.prod.outlook.com> <54E366FE.3060806@borg.org> <BN3PR0401MB1204BCFBB4B81B46A3F6A020DC2F0@BN3PR0401MB1204.namprd04.prod.outlook.com> <54E37F9E.9040001@borg.org> <54E388A3.9080608@mattgillen.net>
On 02/17/2015 01:29 PM, Matthew Gillen wrote:

> Most of the people I want to "think and understand" are actually the
> people running systems that need passwords and coming up with
> obnoxious requirements for passwords that essentially force you to
> write everything down.

But writing down passwords is good. The old dogma to never write down a password is obsolete. It applied when we only had one password and were worried about the guy at the next desk. These days we have scores of passwords and the guy at the next desk is the least of our worries.

Yes, writing down passwords does make the loss of the paper with the passwords a worry, so take some precautions:

- Have a backup copy in another location.
- Obfuscate your written passwords in a simple way that you know how to decode, but so the paper isn't immediately useful to a finder.
- Be careful, keep it close, don't lose it.

> The only way to solve the password problem is to do away with them.

I like the mangling of the Churchill quote: Passwords are the worst form of authentication we have except for all the others.

You are right about passwords being a problem, but wrong on the solution. All of the proposed alternatives to passwords look worse to me.

> There are all manner of physical tokens that can be used (SecurID,
> SmartCards, etc)

Secure ID isn't. A few years ago every single token out there had to be replaced because RSA Security in Bedford is incompetent and the seeds for every token they had shipped were all stolen.

Also, tokens don't scale; I have many passwords, how many clattering tokens am I supposed to be carrying around everywhere I go?

Some (RSA these days) want us to use our smartphones as tokens. Oh wonderful: Thieves would never think to steal a smartphone, nor break into it remotely with malware.

> in conjunction with a "something you know"/PIN that can actually be
> memorized.

So a single PIN I use everywhere again? Or am I memorizing dozens of PINs?

Or maybe one token and a central login service for everything: but now we have a single point of failure. Know a secret question? Steal the phone that Google uses as backup verification? (Or just steal--"port"--the phone number without stealing the phone?) Broken.

Fingerprints? Very stealable. And for the ruthless, even fingers can be stolen.

Retina scans? Okay, but how big a security perimeter are you defending? Every scanner is secure? No one can steal the data and just supply the data instead of the retina? How many different organizations need to be installing scanners? And they all have your retina data? Sounds like reusing a single password to me.

I have heard of many grand solutions, none of which are as good as passwords.

-kb