On 04/18/2014 10:12 AM, Owen Densmore wrote:
> In addition, lots of sites let you log in with Google, Facebook, Twitter and
> others. So if we have a small number of 2-factor providers, the hassle
> would be minimized.

I reject the argument for centralization. It seems to me a
decentralized approach will be more robust.

> Why would this be useful? You could use a small set of passwords for
> various 2-factor providers and attach your several hundred logins to them.
> You could also use much simpler passwords, because password vulnerability
> would no longer completely expose you to the bad guys, unless they steal
> your mobile devices (phone, tablet, etc.).

On the one hand, you're arguing for convenience and, on the other,
security. This is akin to Franklin's accusation: “Those who would give
up essential Liberty, to purchase a little temporary Safety, deserve
neither Liberty nor Safety”. You're optimizing 2 conflicting
constraints. That's OK. But it would be better to be excruciatingly
clear what the two objectives really are. What are they?

> Google has the notion of "trusted devices" which reduces the
> PIN annoyance on your own devices: laptop, phone, tablet etc. It also has
> backup passwords for apps/devices which cannot manage the 2-factor login.
> It's been fine for me for over a year.
> Is it time to migrate to 2-factor as much as one can?

My answer to this is absolutely! But not if it's going to encourage
more sloppiness on the part of most people. If it encourages people to
put all their faith in Google or Facebook, to centralize on them as a
convenient service, then I'd argue it degrades security.... It would
defeat the very purpose.
I'd rather argue that everyone implement and use their own 2-factor auth.
Personally, I don't see what the problem is. Yeah, 100s of long
non-mnemonic passwords is inconvenient... but so is driving, brushing
your teeth, digging holes in your garden, etc. Unless your objective is
to become a brain-in-a-vat, you either have to learn to love what you do
or stop doing the things you don't love. Convenience is the _enemy_.
--
⇒⇐ glen
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com