On Aug 13, 2008, at 10:52 PM, Andy Arnold wrote:
What a great overview, thank you Lee. Along these lines, I read an interesting NYT article that (surprise, surprise) indicates website passwords are virtually useless. I'd be interested in your thoughts on this one as well: http://www.nytimes.com/2008/08/10/technology/10digi.html?_r=1&scp=1&sq=goodbye%20passwords&st=cse&oref=slogin
I'll never pass up an invitation to pontificate…I've read many articles like that one you referenced. This one has been making news because it appeared in The New York Times.
Every authentication scheme has disadvantages. The problem is one of security versus utility. Properly used, passwords are a simple and safe security method; people are lazy, forgetful and gullible. Other methods trade some simplicity for more security.
For example, a method that's in vogue among security gurus is password- less login using encryption techniques, as was mentioned in the NYT article. Password-less login is not a new idea. It's a feature of SSH, which has been shipped on all Unix-type machines — including Mac OS X and Linux — since some time in the last century. I've been using it on all my Unix-type machines at least since Mac OS X appeared. Its name is completely wrong; there is a password involved.
To show you how complex it is, here's how it works.As usual with public key encryption, SSH is used to generate a public/ private key pair. The public key is stored on the destination machine and the private key is kept private. When you try to log into the destination machine, it uses the public key to encode some information and asks your machine to decode it. Since the only way to decode it is with the private key, a correct answer tells the destination machine you are who you claim to be.
Notice that the key pairs are not much more than specialized passwords too long and complicated to memorize. The idea is that everybody should scatter their public key to the Internet winds so anybody can use it. The private key is closely guarded, perhaps on a USB flash drive — password protected, of course — so it can be used to authenticate identity wherever you are.
Another idea that's making waves is the Perfect Paper Password (PPP). In this scheme, a list of gibberish passwords is generated on a small card that you could keep in your wallet. Each password can only be used once. This is sort of like the one-time code pads all John le Carré's spies use. Of course, the security guys say this should ideally be a "three-factor authentication scheme": username, password, PPP, because you really don't want to carry around a list of your passwords in your wallet without having a secret password besides. So, our old friend, the traditional password, is still there. All that happened was another layer of complexity was added.
My feeling is that something like the SSH-based password-less identification will eventually win out because it's very simple from the user's point of view. There's complexity in the background, but it works like magic in the foreground. (Clarke's Third Law: Any sufficiently advanced technology is indistinguishable from magic.) It also has the advantage that the same key pairs can be used for encrypting and signing mail, going a long way toward killing spam.
In the meantime, most of the problems with passwords can be cured with common sense:
Make your passwords at least eight characters that are gibberish in any language. The most common source used by the bad guys to mine for passwords is the dictionary, and you can't count on the dictionary being English.
Don't re-use the same password on all sites. This is the weakness of the currently fashionable OpenID system: one password to rule them all and Sauron wants it! This is also a potential weakness with the password-less scheme.
Don't send a password to any site unless the link is encrypted and you're sure the guy on the other end is who he claims to be. Make sure the little lock appears on your browser screen. This is why I refuse to use standard POP and IMAP mail; the password travels naked for the world to see and that man in the middle might not be my friend.
Store your passwords securely and keep them secret. The Mac keychain is good. Lots of people like 1Password because it works on the Mac, iPhone and iPod Touch. I use Yojimbo because it's secure, can store anything and can be synced over MobileMe. (Yes, that's finally working again.)
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ The next Louisville Computer Society meeting will be September 23 at MacAuthority, 128 Breckinridge Lane. Posting address: [email protected] Information: http://www.math.louisville.edu/mailman/listinfo/macgroup
