A simple solution would be not to give your keys out to untrusted parties Fwiw, the Technet article was written by Steve Riley: "It's Me, and Here's My Proof: Why Identity and Authentication Must Remain Distinct" - it's a good article, worth reading.
From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr Sent: Thursday, 31 July 2014 4:42 PM To: ntsysadm Subject: Re: [NTSysADM] This was inevitable, but it's still a good reminder I'm sorry, what exactly was your proposal? Was it the technet article? I didnt read it. -- Espi On Wed, Jul 30, 2014 at 9:13 PM, Ken Schaefer <[email protected]<mailto:[email protected]>> wrote: So, what's wrong with my proposal? You didn't address that anywhere, unless I've missed it somehow. (leaving aside the issue of traditional lock picking, which has been an issue, or non-issue, for years) From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Micheal Espinola Jr Sent: Thursday, 31 July 2014 1:34 PM To: ntsysadm Subject: Re: [NTSysADM] This was inevitable, but it's still a good reminder I'm referring specifically to the standard types of keys that are used by consumers for thier private property. Current common door locks/keys are decreasingly viable as a security solution, and have been for years. If a common key can now be duplicated via automation simply by a series of pictures, then its really time to put this antiquated system to rest. Keys need to become more complex. Its not that I have issue with the concept of physical keys - its a problem with the low-tech variations of common locks that are still so prevalent around the world. "Authentication" issues aside, the typical mechanical systems are still not complex enough to prevent basic lock-picking methods. And now, we are subject to duplication by photograph? I think this is a horrendous turn of events. Cool tech, but how utterly exploitable on a massive scale. People are already subject to video-based types of identity theft. Now, I would speculate, that we can welcome breaking and entering. -- Espi On Wed, Jul 30, 2014 at 7:14 PM, Ken Schaefer <[email protected]<mailto:[email protected]>> wrote: Why do they "have to go"? Keys are a physical authenticator (something you have). You give it to someone else, and you run the risk of it being cloned or otherwise compromised. A simple solution would be not to give your keys out to untrusted parties... I think the fundamental issues with using current keys is that there's no separation between identity and authenticator. Just like using your CC number online: http://technet.microsoft.com/en-us/library/cc512578.aspx is an old article, but still applies. Not to mention the lack of simple revocation mechanisms, audit capabilities etc. :) Cheers Ken From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Micheal Espinola Jr Sent: Thursday, 31 July 2014 11:11 AM To: ntsysadm Subject: Re: [NTSysADM] This was inevitable, but it's still a good reminder It was inevitable. Locks and keys as they have existed for decades simply have to go. -- Espi On Tue, Jul 29, 2014 at 7:17 AM, Kurt Buff <[email protected]<mailto:[email protected]>> wrote: Physical security is just as important as computing security http://www.wired.com/2014/07/keyme-let-me-break-in/
