[Cryptography] Passwords: Perfect, except for being Flawed
ianG
iang at iang.org
Sat Feb 21 06:38:45 EST 2015
On 21/02/2015 03:27 am, Tom Mitchell wrote:
> On Thu, Feb 19, 2015 at 10:07 PM, Bill Stewart <billstewart at pobox.com
> <mailto:billstewart at pobox.com>> wrote:
>
>
> > As a meta-comment on passwords: there is a big shift underway now to
> > start doing dual factor using the person's phone.
>
>
> The great thing about this, if you're in the advertising business,
> is that coupling the account information with a phone
> gives you a much more positive identification of the user.
>
>
> Also law enforcement.
> The phone has location history: in the past and as long as
> it is active in the future history is generated.
>
> This establishes a tighter law enforcement context. That context might
> be abused for any phone or it might make it very difficult for any
> ID thief to make money. Today stolen money and IDs flow from state to
> state
> and nation to nation because the stolen IDs are shared in bulk state to
> state
> and nation to nation for exploit. Tying the gain to a physical
> device implies that that physical device has to change hands and
> that physical device cannot be sent or sold to many bad guys
> at the same time.
>
> The location component is what is important. Location, location, location.
> <http://www.metzdowd.com/mailman/listinfo/cryptography>
Very true. But the notion that law enforcement or advertising was
waiting for this little help-up in their efforts is for the birds. As
far as I know, they've been all over this for the longest time.
iang
More information about the cryptography
mailing list