Google cryptographer and all-round security expert Ben Laurie's been blogging some great security thinking lately. Today he's got a really fascinating, thoughtful piece about the problems of passwords:
So, where does this leave us? Users must have passwords, so why fight it? Why not admit that its where we have to be and make it a familiar (but secure) process, so that users can actually safely use passwords, phishing-free?
Do Passwords Scale?
The answer to this is deeply sad. It is because we have done a fantastic job on usability of passwords. They’re so usable that anyone will type their password anywhere they see the word “password” with a box next to it. Phishing is utterly trivial because we have trained the world to expect to be phished every time they see a new website.
Of course, we can fix this cryptographically - that’s easy. But let’s say we did that. How do we stop the user from ever typing their password into a phishable box from this day forward? So long as they only ever type the password into the crypto gadget that does the unphishable protocol, they are safe, no matter who asks them to log in. But as soon as they type it into a text box on a web page, they’re screwed.
So, this is why passwords are the worst usability disaster ever.
These Soviet safety posters delivered their message in bold terms.
The U.S. National Highway Traffic Safety Administration (NHTSA) today said it is opening a preliminary investigation into 25,000 Tesla Model S cars, following the death of a driver who was killed using the vehicle’s Autopilot mode.
Bleach-toothed motivational speaker Tony Robbins charged between $650 and $3000 for tickets to his 3.5 day Unleash the Power Within seminar outside Dallas, Texas, where participants are taught to walk on hot coals.
Much of what goes into creating an amazing photo happens in the digital darkroom. Here’s your chance to master all things photo editing: the Ultimate Adobe Photo Editing Bundle, now available in the Boing Boing Store for just $29.99.Across 8 courses and over 41 hours of intensive instruction, you’ll learn the fundamentals of Adobe’s suite of photo […]
3D printers are hot, but they’re also pricey. While the prospect of cranking out everything we can dream up is enticing, cost is often one factor that keeps us from jumping onto the 3D printing train.Now, thanks to M3D, that doesn’t have to be the case. You can now get its flagship 3D printer–plus four reels of filaments–for just […]
It’s no secret that technology is changing the way we all work—but it’s also transforming the way we play. The games of today look nothing like those of 10 or even 20 years ago: these days it’s all about mobile and 3D. And now you can learn to design 3D mobile games with the Intro to Unity 3D Game […]