[Cryptography] Passwords are dying - get over it
Kent Borg
kentborg at borg.org
Mon Dec 23 09:10:39 EST 2013

On 12/23/2013 01:53 AM, Bill Cox wrote:
> Sounds good, but what's the alternative? It scares me to have a key
> ring decrypt all my passwords at once, and just hang around in memory.
> The closed-source password safes are a non-starter, IMO. I agree the
> password situation sucks. I'm not very familiar with alternatives.
> What do you suggest?

People love to say passwords are dead, but any alternate proposals they
might suggest always seem worse to me.

Google seems to have the biggest head of steam by trying to become the
single sign-in for everything else, and then, because they are so
important they can force you to carry a Bsafe fob, or something like
that. Actually, they probably won't go for a fob...

Instead Google is working hard to know everything about me, and that is
key to their security solution: they will know I am legit when I log in
because they will know it is me because they have been following me. Or
something like that, they don't exactly know how it will work, but they
are getting good at recognizing login patterns and being confident I am
me based on how and where I log in.

I can cache in my head the passwords I use frequently. And when I need a
more obscure one, I look it up, in the records I keep of all my
passwords. Exactly how to keep those records and how to maintain any
endpoint security is the hard part about my approach and not something
that is easy to recommend to others.

A pencil and a little paper notebook that should be carefully protected,
obfuscate the contents in some simple way--that is the best I can
suggest for civilians. (And don't bring the whole notebook when
traveling internationally, maybe leave it with someone trusted whom you
can phone.)

-kb