[Cryptography] Passwords: Perfect, except for being Flawed
ianG
iang at iang.org
Thu Feb 19 11:18:35 EST 2015
On 18/02/2015 17:21 pm, Kent Borg wrote:
> The human is part of the security system.

Odd thing to say ;) Security means nothing outside the context of a human.

As a meta-comment on passwords: there is a big shift underway now to
start doing dual factor using the person's phone. It is now clear that
everyone has a phone, to some statistical certainty, and we can rely on
it. So every system and his dog has now migrated to using something to
couple the phone and the password together.

(In the meantime, while this Phone+password hybrid rolls out, others
have gone further. ApplePay, bitcoin light clients, my stuff, are
putting the whole thing on the phone. So, actually we are exposing the
phone to single points of failure/attack modes. But this direction is
still so novel and so far rare that there is no economic case for attack
and won't be for a few years...)

Which is to say, micro-re-designs of how passwords work and can be
improved might be missing a macro-trend that is going on.

iang