Google cryptographer and all-round security expert Ben Laurie's been blogging some great security thinking lately. Today he's got a really fascinating, thoughtful piece about the problems of passwords:
So, where does this leave us? Users must have passwords, so why fight it? Why not admit that it's where we have to be and make it a familiar (but secure) process, so that users can actually safely use passwords, phishing-free?
Do Passwords Scale?
The answer to this is deeply sad. It is because we have done a fantastic job on usability of passwords. They’re so usable that anyone will type their password anywhere they see the word “password” with a box next to it. Phishing is utterly trivial because we have trained the world to expect to be phished every time they see a new website.
Of course, we can fix this cryptographically - that’s easy. But let’s say we did that. How do we stop the user from ever typing their password into a phishable box from this day forward? So long as they only ever type the password into the crypto gadget that does the unphishable protocol, they are safe, no matter who asks them to log in. But as soon as they type it into a text box on a web page, they’re screwed.
So, this is why passwords are the worst usability disaster ever.