SoylentNews is people

posted by Fnord666 on Tuesday January 30 2018, @04:41AM
from the isn't-it-about-time-to-move-on dept.

Submitted via IRC for TheMightyBuzzard

A global study from IBM Security examining consumer perspectives around digital identity and authentication today found that people now prioritize security over convenience when logging into applications and devices.

Generational differences also emerged showing that younger adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security.

With millennials quickly becoming the largest generation in today's workforce, these trends may impact how employers and technology companies provide access to devices and applications in the near future. Overall, respondents recognized the benefits of biometric technologies like fingerprint readers, facial scans and voice recognition, as threats to their digital identity continue to mount.

Source: https://www.helpnetsecurity.com/2018/01/29/authentication-today/


This discussion has been archived. No new comments can be posted.
  • (Score: 5, Insightful) by maxwell demon on Tuesday January 30 2018, @06:12AM (5 children)

    by maxwell demon (1608) on Tuesday January 30 2018, @06:12AM (#630209) Journal

    We have every right to demand convenience, and security. There is no reason to sacrifice one for the other.

    "We have every right to demand both eating our cake and having it. There is no reason to sacrifice one for the other."

    Security is inconvenience. Even a simple password prompt is an inconvenience. You cannot get security without inconvenience.

    Biometrics is convenience (no need to have to remember passwords), but at the cost of security (biometrics are not unbreakable, as has been frequently proved, and if your biometrics has been cracked, you cannot simply replace it).

    Two-factor authentication is security, but at the cost of inconvenience (you have to carry around that second factor; if you use the phone as second factor, you get more convenience because you carry it around anyway, but at the same time less security because phones are greatly more hackable than dedicated authentication devices).

    Password managers are a mixed bag. In principle, they don't give more security, as they just store passwords; theoretically you'd be more secure by storing those passwords in your head. In practice, they actually can increase security because our brain's ability to hold strong passwords is not very good (OTOH, a weak password on your password manager effectively weakens all passwords stored in it). The password managers on one hand increase convenience because you have to remember fewer passwords (just the one for your password manager), on the other hand decrease it because you always have to have your password manager around, and if you happen to forget your password manager's password, the shit really hits the fan.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 3, Informative) by anubi on Tuesday January 30 2018, @06:47AM (3 children)

    by anubi (2828) on Tuesday January 30 2018, @06:47AM (#630223) Journal

    My main beef with password managers is monoculture.

    Once the encryption algorithm of *that* manager has been compromised, all the others are apt to be compromised as well.

    Once the word is out how a "bump key" works, nearly all mechanical locks of that design are degraded as far as security goes.

    Personally, I consider the lock as nothing more than evidence that I intended no access, and violation of my lock is only evidence that entry was gained without permission. I have other methods ( covert cameras ) to document the act so I can seek redress in a court of law.

    Everybody has known for years that locking your car is no defense against a Slim Jim. I have even had to use that way myself a couple of times when I locked my keys in the car.

    The thing that concerns me these days is how impersonal identity theft has become. All done by scripts. I never will know who is dinging me, and nearly every business demands my info with the quite legitimate reason that they need to vet me... problem is they keep sharing that information, willingly or accidentally, so that slowly but surely, everyone's private affairs get cross-referenced and indexed onto darkweb databases. Nothing is private anymore. I don't have anything that can't be replicated sufficiently to deceive a sensor so as to perform actions in my name.

    The number one reason for my failure to accept even "micropayments" on the web is because in order to pay, even one cent, I have to reveal my payment credentials. I can trust NOBODY. Not even Equifax! They all *say* they can be trusted, but their fine print all says "if you actually believe what we told you in large print, you are a big trusting fool!".

    I can't shut down everything, but I will avoid any kind of payment / identification for certain things, well known to be highly risky, such as porn, warez, pirated stuff, anything illegal, gambling, and games. I don't even have a google account yet. I use an anonymous email account, which I would pay for, if I knew beyond a shadow of a doubt, that they would not share my real info. I have researched through Spokeo and already there is far more stuff out there on me than I feel comfortable with. As a result of the Equifax breach, I know that there is enough out there to confuse the entire population of the world as to who is really who.

    It's no longer a function of being careful.

    It's now a function of pure statistics as to when my identity is going to be misused.

    My best attempt to cope with this was to adopt a much lower lifestyle, so little is at risk. Own your stuff outright and pay cash when possible, using credit cards if necessary for telepurchases. Pay your debts off. If you have money lying around, keep it in some sort of investment which requires you to interface with your banker/broker. Personally. Something fishy comes over the wire, and they will question it.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 2) by c0lo on Tuesday January 30 2018, @07:46AM (2 children)

      by c0lo (156) Subscriber Badge on Tuesday January 30 2018, @07:46AM (#630232) Journal

      It's no longer a function of being careful.

      It's now a function of pure statistics as to when my identity is going to be misused.

      Yes, but recall that joke with the guy donning his runners and telling his companion: 'I don't need to run faster than the lion, I only need to run faster than you'.

      If a hacker targets you, it's only a matter of time before he gets your identity. If you are only one of the many, you only need to be a bit 'more secure' than most of the others.

      True, given how many companies store data about you, you have little control on what/when the things go south. Minimising your profile involves indeed minimising the number of companies you share your data with.
      Also, which devices you use to interact with them.

      I'm using a single payment processor and that is linked with a debit card account which is loaded only minutes before making a purchase. If a webshop doesn't accept that payment processor, I don't buy from that shop.
      And I do my online shopping and ebanking only from a laptop at home, laptop that runs Linux (thanks deity the era of IE-only supported is dead), laptop that never leaves my home and is powered off most of the time.

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 2) by arslan on Wednesday January 31 2018, @12:59AM (1 child)

        by arslan (3462) on Wednesday January 31 2018, @12:59AM (#630745)

        Eh? That analogy only stands for instance when the hacker is targeting individuals, not when they're targeting data dumps. The analogy to that would be you running faster than me is useless if there's a tsunami coming at all of us. I have to be running faster than that...

        • (Score: 2) by c0lo on Wednesday January 31 2018, @02:09AM

          by c0lo (156) Subscriber Badge on Wednesday January 31 2018, @02:09AM (#630780) Journal

          That analogy only stands for instance when the hacker is targeting individuals, not when they're targeting data dumps.

          Works in this case too. Assuming your passwd is not based on dictionary words, the digest of it in the dump will be harder to crack. After getting enough passwords reversed, I have a feeling the attacker will just let yours be.

          --
          https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 0, Informative) by Anonymous Coward on Tuesday January 30 2018, @05:51PM

    by Anonymous Coward on Tuesday January 30 2018, @05:51PM (#630495)

    Security is inconvenience

    That is a lie. It is supposed to be only inconvenient for the crook, not the user. We have to put the burden on the people who run the system. The problem is that we believe all their bullshit that "it's too hard". They are liars, and we have to call them on it and put them out of business if they don't provide what we demand. That is how we are supposed to work the "free markets". If we don't demand good service, we won't get it. The clarity is overwhelming.