Rant: internet security
Brien
Professional Poster
Join Date: Jun 2002
Location: Southern California
Status: Offline
Apr 10, 2017, 03:48 PM
 
Anyone else feel it has failed? I am running into more and more websites/apps/etc. that are requiring crazy-complex password requirements, and an email verification code, and/or a text message code just to log in, not to mention having passwords that expire every 30 to 90 days.

Even with password managers it is just too much - I'm an educated computer person so I understand why it's important, but I imagine making the average person jump through this many hoops is unsustainable. And now we have places (like my work) that are moving toward three and four-factor authentication by adding in biometrics. It just seems like, something's gotta give.

PS: As an aside, some of the things I've talked about to 'replace' passwords are retina scans, algorithms that use your body language/typing cadence/etc. to "know" it is you using a device, GPS location, voice recognition etcetera. But if we have learned anything over the past 30+ years of computing it's that if it is digital, it can be hacked, and I just wonder how, if someone manages to hack some theoretical super-security that uses your body language, finger/retina scans, voice etc. then you would have little recourse to prove you are you to get your accounts/etc. back.
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Apr 10, 2017, 04:16 PM
 
Yeah, normies are screwed.

I like 1Password, but I can't give that to my dad and expect him to figure it out.

Not that he couldn't, he's not an idiot, he just doesn't give enough of a shit to put in the effort, and I don't blame him.
     
mindwaves
Registered User
Join Date: Sep 2000
Location: Irvine, CA
Status: Offline
Apr 10, 2017, 05:51 PM
 
Totally agree. Makes it worse when you try to log in to your US bank account from overseas, and the bank will send you a text message confirmation number. Umm...I can't receive that number! Luckily, there are now other forms of confirmation, such as actually typing in your phone number or they can email you the code also.

Now, before I go overseas with a new computer, I log in to every single account I have in the US and register my computer with their website first.
     
Jawbone54
Posting Junkie
Join Date: Mar 2005
Location: Louisiana
Status: Offline
Apr 10, 2017, 06:57 PM
 
I would use something like 1Password, but I don't think I can stomach the idea of yet another subscription.
     
reader50
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Apr 10, 2017, 07:59 PM
 
Biometrics have the added problem that the legal landscape has not kept up. Courts mostly say you can't be forced to cough up a password, but are OK with forcing your fingerprint on the touchID.

Biometrics could also work like in the movies. Need a retinal scan? No problem, just bring the right curved knives along.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Apr 11, 2017, 03:26 PM
 
I still have an AppleTV 3. Since Apple has now decided to force everyone to use two-factor identification on iCloud and they haven't updated that old software, whenever it reboots it pings my phone to ask for permission to log in, and presents a code if I click yes - a code there is no box to enter into.

There are two ways to fix this and I can google them up, but they are far from obvious - which means that it is annoying as all H. My parents have the same model (a present from me), and suddenly they start getting those login prompts because there was a power outage back home. Since Apple misidentifies the location (they pick Stockholm, almost 500 km away), that prompt looks pretty scary.

So to answer your question: yes, I think it has failed - and I don't know how to fix it.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
Laminar
Posting Junkie
Join Date: Apr 2007
Location: Iowa, how long can this be? Does it really ruin the left column spacing?
Status: Offline
Apr 12, 2017, 10:35 AM
 
Oops, if I had known that I wouldn't have updated to 2 factor. Still running 2 ATV3s.
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Apr 12, 2017, 12:18 PM
 
So, here's the slickest solution I've seen. In most ways it's a ton more secure than what we have now, and could be executed in such a way as to not make the user experience particularly onerous.


Superficially, it acts like a password locker. Users of this system have an encrypted "Master Key". The decrypt password is the only thing which needs to be (or could be) remembered. Like a normal locker, this system needs to remember things, and pass them along to websites, but most of it remains hidden from the user.

For any given site, the system uses the Master Key plus the URL of the site to generate a public/private key pair.

The public key becomes what identifies you with that site.

When it's time to log in, the website sends you a giant random number. You sign the number with your private key for the site and then send it back. If the public key decrypts it, then the site knows you're you.
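
The scheme described in the post above, as an added example (not code from the thread or from any product): a per-site Ed25519 key pair is derived from the master key and the site's host name, and the site checks a signed random challenge against the public key it stored at registration. HMAC-SHA256 as the derivation step, Ed25519 as the signature scheme, the names `SiteKey` and `Login`, and the sample master key and host names are all assumptions; the master key is taken as already decrypted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"net/url"
	"strings"
)

// SiteKey derives the per-site key pair from the decrypted master key and the
// site's host name. HMAC-SHA256 as the derivation step is an assumption.
func SiteKey(master []byte, siteURL string) (ed25519.PublicKey, ed25519.PrivateKey, error) {
	u, err := url.Parse(siteURL)
	if err != nil || u.Hostname() == "" {
		return nil, nil, fmt.Errorf("no host name in %q", siteURL)
	}
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(strings.ToLower(u.Hostname())))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil)) // 32-byte MAC used as seed
	return priv.Public().(ed25519.PublicKey), priv, nil
}

// Login plays one round: the site issues a fresh random challenge, the client
// signs it with the key derived for the URL it is actually visiting, and the
// site checks the signature against the public key stored at registration.
func Login(registered ed25519.PublicKey, master []byte, visitedURL string) (bool, error) {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false, err
	}
	_, priv, err := SiteKey(master, visitedURL)
	if err != nil {
		return false, err
	}
	return ed25519.Verify(registered, challenge, ed25519.Sign(priv, challenge)), nil
}

func main() {
	master := []byte("constructed-demo-master-key-0001") // sample value, not a real key
	pub, _, _ := SiteKey(master, "https://bank.example/login")
	ok, _ := Login(pub, master, "https://bank.example/account")
	fmt.Println("same site:", ok)
	ok, _ = Login(pub, master, "https://bank-example.test/login")
	fmt.Println("look-alike host:", ok)
}
```

Because the key is bound to the host name, a response produced on a look-alike host does not verify against the key registered with the real site, and the site itself stores only public keys.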
     
Ham Sandwich
Guest
Status:
Apr 12, 2017, 02:27 PM
 
[...deleted...]
( Last edited by Ham Sandwich; Apr 23, 2020 at 08:37 AM. )
     
osiris
Addicted to MacNN
Join Date: Sep 2000
Location: Isle of Manhattan
Status: Offline
Apr 13, 2017, 09:01 AM
 
Originally Posted by And.reg:
An IT security person asked me at work why I use my laptop instead of ethernet because the work WiFi "is not secure."

As if I'm going to hook up a 50-foot-long ethernet cable and get a USB adapter
If your IT security person AT WORK is telling you that the workplace's wifi is insecure, then that guy needs to fix the wifi. I assume it's not a public network, because that would be stupid. But damn.
"Faster, faster! 'Till the thrill of speed overcomes the fear of death." - HST
     
All times are GMT -4.