Friday, August 08, 2008

Net security, the end of the password, and human evolution

The signs of the end are at hand.

First, this completely asinine alleged (a misquote I hope) comment from someone who must, really, know better:
BBC NEWS | Technology | Net address bug worse than feared

... Mr Silva at VeriSign said even though patches have been put in place, this doesn't mean users can sit back and relax.

'The biggest gap in security rests between the keyboard and the back of the chair,' he said.

'The look and feel of a website is not what a consumer should trust. They should trust the security behind that website and do simple things like use more secure passwords and change their password regularly...
Of course they should. They should also lose 50 lbs, run ten miles a morning, study a new language every month, and master levitation.

I really hope that was a misquote.

Next, I lose my last remaining gasket when the complexity of modern life leads to a security breach, and the need to change my 2 year old high quality primary Google account password:
Gordon's Tech: How to steal my Google account

... Yes, to steal my Google account, my primary digital identity, all you need to know is my first phone number...
  1. Passwords are a complete fail. Schneier has been saying this for years. We are now into the realm of madness. We need multi-factor authentication devices that handle our secondary authentication for us. Yeah, it's not perfect, but, really, this is s#$!@# insane.

  2. We live in the age of the tyranny of the mean. Even the vast majority of geeks aren't going to figure out how to sync 1Password with an iPhone. Regular folks are going to use one password everywhere and then forget it. Google, like everyone else with these asinine security question is bowing to the reality that humans didn't evolve to live in a digital world. We're maxing out right now.
This madness has to stop. The stupidity is hurting my brain.

Really, none of us evolved for this. We either need to reengineer the human mind or we need to implement better security measures.

This is going to need real help from an Obama administration, we've seen decades of banks failing to deal basic with security issues. This won't get fixed by libertarian emergence; the current system is simply providing endless prey for hungry predators.

Oh, and remember, sooner or later, we're all prey.

No comments: