Rant: internet security
Professional Poster
Join Date: Jun 2002
Location: Southern California
Anyone else feel it has failed? I am running into more and more websites/apps/etc. that are requiring crazy-complex password requirements, and an email verification code, and/or a text message code just to log in, not to mention having passwords that expire every 30 to 90 days.
Even with password managers it is just too much - I'm an educated computer person so I understand why it's important, but I imagine making the average person jump through this many hoops is unsustainable. And now we have places (like my work) that are moving toward three and four-factor authentication by adding in biometrics. It just seems like, something's gotta give.
PS: As an aside, some of the things I've talked about to 'replace' passwords are retina scans, algorithms that use your body language/typing cadence/etc. to "know" it is you using a device, GPS location, voice recognition etcetera. But if we have learned anything over the past 30+ years of computing it's that if it is digital, it can be hacked, and I just wonder how, if someone manages to hack some theoretical super-security that uses your body language, finger/retina scans, voice etc. then you would have little recourse to prove you are you to get your accounts/etc. back.
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Yeah, normies are screwed.
I like 1Password, but I can't give that to my dad and expect him to figure it out.
Not that he couldn't, he's not an idiot, he just doesn't give enough of a shit to put in the effort, and I don't blame him.
Registered User
Join Date: Sep 2000
Location: Irvine, CA
Totally agree. Makes it worse when you try to log in to your US bank account from overseas, and the bank will send you a text message confirmation number. Umm... I can't receive that number! Luckily, there are now other forms of confirmation, such as actually typing in your phone number or they can email you the code also.
Now, before I go overseas with a new computer, I log in to every single account I have in the US and register my computer with their website first.
Posting Junkie
Join Date: Mar 2005
Location: Louisiana
I would use something like 1Password, but I don't think I can stomach the idea of yet another subscription.
Administrator
Join Date: Jun 2000
Location: California
Biometrics have the added problem that the legal landscape has not kept up. Courts mostly say you can't be forced to cough up a password, but are OK with forcing your fingerprint on the Touch ID.
Biometrics could also work like in the movies. Need a retinal scan? No problem, just bring the right curved knives along.
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
I still have an AppleTV 3. Since Apple has now decided to force everyone to use two-factor identification on iCloud and they haven't updated that old software, whenever it reboots it pings my phone to ask for permission to log in, and presents a code if I click yes - a code there is no box to enter into.
There are two ways to fix this and I can google them up, but they are far from obvious - which means that it is annoying as all H. My parents have the same model (a present from me), and suddenly they start getting those login prompts because there was a power outage back home. Since Apple misidentifies the location (they pick Stockholm, almost 500 km away), that prompt looks pretty scary.
So to answer your question: yes, I think it has failed - and I don't know how to fix it.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
Clinically Insane
Join Date: Apr 2007
Location: Iowa, how long can this be? Does it really ruin the left column spacing?
Oops, if I had known that I wouldn't have updated to 2 factor. Still running 2 ATV3s.
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
So, here's the slickest solution I've seen. In most ways it's a ton more secure than what we have now, and could be executed in such a way as to not make the user experience particularly onerous.
Superficially, it acts like a password locker. Users of this system have an encrypted "Master Key". The decrypt password is the only thing which needs to be (or could be) remembered. Like a normal locker, this system needs to remember things, and pass them along to websites, but most of it remains hidden from the user.
For any given site, the system uses the Master Key plus the URL of the site to generate a public/private key pair.
The public key becomes what identifies you with that site.
When it's time to log in, the website sends you a giant random number. You sign the number with your private key for the site and then send it back. If the public key decrypts it, then the site knows you're you.
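The scheme described in the post above, sketched as an added example that is not part of the thread or of any particular product. It assumes HMAC-SHA256 for the "Master Key plus URL" derivation and Ed25519 for the key pair; the function names, the master key bytes and the host names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"net/url"
	"strings"
)

// siteKey derives a per-site Ed25519 key pair from the master key and the site's host name.
func siteKey(master []byte, rawURL string) (ed25519.PublicKey, ed25519.PrivateKey, error) {
	u, err := url.Parse(rawURL)
	if err != nil || u.Hostname() == "" {
		return nil, nil, fmt.Errorf("no host in %q", rawURL)
	}
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(strings.ToLower(u.Hostname())))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil)) // HMAC-SHA256 output is the 32-byte seed
	return priv.Public().(ed25519.PublicKey), priv, nil
}

// newChallenge is the website's side: a fresh random number for each login.
func newChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// signChallenge is the user's side: sign the site's number with the site key.
func signChallenge(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

// verifyLogin is the website's check against the public key it has on file.
func verifyLogin(pub ed25519.PublicKey, challenge, sig []byte) bool {
	return ed25519.Verify(pub, challenge, sig)
}

func main() {
	master := []byte("constructed-master-key-for-demo!") // constructed; stands in for the decrypted Master Key
	pub, priv, _ := siteKey(master, "https://bank.example/login")
	_, lookalike, _ := siteKey(master, "https://bank-example.test/login")
	c, _ := newChallenge()
	fmt.Println("login at registered site:", verifyLogin(pub, c, signChallenge(priv, c)))
	fmt.Println("key derived for look-alike host:", verifyLogin(pub, c, signChallenge(lookalike, c)))
}
```

Because the key is derived from the host name, a look-alike domain gets a different key pair, and because the site picks a new number for every login, a captured signature does not verify against a later challenge.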
Ham Sandwich
(Last edited by Ham Sandwich; Apr 23, 2020 at 08:37 AM.)
Addicted to MacNN
Join Date: Sep 2000
Location: Isle of Manhattan
Originally Posted by And.reg
An IT security person asked me at work why I use my laptop instead of ethernet because the work WiFi "is not secure."
As if I'm going to hook up a 50-foot-long ethernet cable and get a USB adapter
If your IT security person AT WORK is telling you that the workplace's wifi is insecure, then that guy needs to fix the wifi. I assume it's not a public network, because that would be stupid. But damn.
"Faster, faster! 'Till the thrill of speed overcomes the fear of death." - HST