[Cryptography] Passwords: Perfect, except for being Flawed
Tom Mitchell
mitch at niftyegg.com
Fri Feb 20 22:27:32 EST 2015
On Thu, Feb 19, 2015 at 10:07 PM, Bill Stewart <billstewart at pobox.com>
wrote:
>
> > As a meta-comment on passwords: there is a big shift underway now to
>> > start doing dual factor using the person's phone.
>>
>
> The great thing about this, if you're in the advertising business,
> is that coupling the account information with a phone
> gives you a much more positive identification of the user.
>
Also law enforcement.
The phone has location history: in the past and as long as
it is active in the future history is generated.
This establishes a tighter law enforcement context. That context might
be abused for any phone or it might make it very difficult for any
ID thief to make money. Today stolen money and IDs flow from state to
state
and nation to nation because the stolen IDs are shared in bulk state to
state
and nation to nation for exploit. Tying the gain to a physical
device implies that that physical device has to change hands and
that physical device cannot be sent or sold to many bad guys
at the same time.
The location component is what is important. Location, location, location.
<http://www.metzdowd.com/mailman/listinfo/cryptography>
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150220/bc86dbff/attachment.html>
More information about the cryptography
mailing list