2004-05-26
For the 70% of the population that will trade their computer password for a bar of chocolate, this one's for you.
Pass the Chocolate
2004-06-01
Tommy Ward (2 replies)

1: It must be statistically impossible to duplicate within the time frame the authentication is valid. Pass phrases and keys that can only be brute forced combined with expiring keys/passwords is just this, and the basis for the article.
2: It must be easy to use. Easy. Very easy. So easy that your grandmother won't have a problem using it in twenty different places. Remembering 20 different passwords won't do. The article does nothing to help here. A $20 keyring fob that remembers passwords and hides them behind a single password does help, but only if it's verifiably secure and kept secure.
3: It must be changeable if compromised, and alternative authentication methods must be available. This is VERY important, and something that biometrics can't offer. What happens if someone copies your fingerprint? Cut off your finger and grow a new one? How about if someone steals your DNA?
It's bad enough that people today get discriminated against and can't hold certain jobs because they don't have fingerprints, but I fear what tragedies tomorrow's identity thefts will cause.
Link to this comment: http://www.securityfocus.com/comments/columns/245/26617#26617