Will Your Password Need A Password?

from the better-security dept

If you hadn’t realized it already, simple username/password combos are a pretty weak form of security – yet they’re pretty much all we have for many important online systems that store our most vital information. While there are other solutions out there, many companies (especially in the US) have been incredibly slow in adopting “two-factor authentication” systems that require a password plus something else – such as a one-time code generated by a device you have to have with you (or built into your computer). The idea, then, is that if your password is revealed, no one else has the device, so it’s useless. If they find the device, they don’t have your password, so it’s useless. However, so far, many users don’t value this additional security very much – and the devices still aren’t all that cheap. Plus, many companies are worried that users will react negatively to such systems, as they may slow down the user experience – causing them to look for other (albeit less secure) alternatives. Then, of course, there’s the worry that people will start using such systems that aren’t compatible with each other, so you’ll need separate devices for every account – which would be much worse than before. Others, such as those in the fingerprint scanning business, think a biometric approach makes much more sense – but that leads to all sorts of other questions and issues. Still, as there are more and more cases of fraud and identity theft due to so much weak security, it seems increasingly likely that companies will be forced to adopt more secure methods.


Comments on “Will Your Password Need A Password?”

1 Comment
Ed Halley says:

Gross generalization here: Users have no contextual understanding of how “security” works, and no real incentive to come to understand it, either. They’ll follow procedures to get paid, but only if they actually see that they need to follow the procedures.

Security is not a product, it is a process. You can’t just layer on a coat of “security paint” and expect everything to be safe from intrusion.

A good security training exercise is not to teach the users how to take care of their passwords or tokens, but to teach them how to attack a security system. From that mindset, they learn how to protect far more than just a password or a token.

Show a couple of scenarios mixing physical, social and electronic attack. Then show a hypothetical system and discuss how the intruders could attack that system, and how it can be improved.
