[Discuss] Most common (or Most important) privacy leaks
Kent Borg
kentborg at borg.org
Tue Feb 17 14:08:30 EST 2015
On 02/17/2015 01:29 PM, Matthew Gillen wrote:
> Most of the people I want to "think and understand" are actually the
> people running systems that need passwords and coming up with
> obnoxious requirements for passwords that essentially force you to
> write everything down.
But writing down passwords is good.
The old dogma to never write down a password is obsolete. It applied
when we only had one password and were worried about the guy at the next
desk.
These days we have scores of passwords and the guy at the next desk is
the least of our worries.
Yes, writing down passwords does make the loss of the paper with the
passwords a worry, so take some precautions:
- Have a backup copy in another location.
- Obfuscate your written passwords in a simple way that you know how
to decode, but so the paper isn't immediately useful to a finder.
- Be careful, keep it close, don't lose it.
> The only way to solve the password problem is to do away with them.
I like the mangling of the Churchill quote: Passwords are the worst form
of authentication we have except for all the others.
You are right about passwords being a problem, but wrong on the
solution. All of the proposed alternatives to passwords look worse to me.
> There are all manner of physical tokens that can be used (SecurID,
> SmartCards, etc)
Secure ID isn't. A few years ago every single token out there had to be
replaced because RSA Security in Bedford is incompetent and the seeds
for every token they had shipped were all stolen. Also, tokens don't
scale; I have many passwords, how many clattering tokens am I supposed
to be carrying around everywhere I go? Some (RSA these days) want us to
use our smartphones as tokens. Oh wonderful: Thieves would never think
to steal a smartphone, nor break into it remotely with malware.
> in conjunction with a "something you know"/PIN that can actually be
> memorized.
So a single PIN I use everywhere again? Or am I memorizing dozens of PINs?
Or maybe one token and a central login service for everything: but now
we have a single point-of-failure. Know a secret question? Steal the
phone that Google uses as backup verification? (Or just
steal--"port"--the phone number without stealing the phone?) Broken.
Fingerprints? Very stealable. And for the ruthless, even fingers can be
stolen. Retina scans? Okay, but how big a security perimeter are you
defending? Every scanner is secure? No one can steal the data and just
supply the data instead of the retina? How many different organizations
need to be installing scanners? And they all have your retina data?
Sounds like reusing a single password to me.
I have heard of many grand solutions, all that aren't as good as are
passwords.
-kb
More information about the Discuss
mailing list