[Cryptography] Passwords: Perfect, except for being Flawed
Bill Stewart
billstewart at pobox.com
Fri Feb 20 01:07:48 EST 2015
> > As a meta-comment on passwords: there is a big shift underway now to
> > start doing dual factor using the person's phone.
The great thing about this, if you're in the advertising business,
is that coupling the account information with a phone
gives you a much more positive identification of the user.
None of this business about anonymity or pseudonymity or
using a different name for each different account or
being vague about where you are right now or
or having a common enough name that you're not unique or
anything inconvenient like that.
No, Google, I don't need to protect my YouTube account
by giving you a phone number in case I forget the password is abc123.
If I forget, I'll give you a new random name.
More information about the cryptography
mailing list