SoylentNews is people

posted by Fnord666 on Tuesday January 30 2018, @04:41AM
from the isn't-it-about-time-to-move-on dept.

Submitted via IRC for TheMightyBuzzard

A global study from IBM Security examining consumer perspectives around digital identity and authentication today found that people now prioritize security over convenience when logging into applications and devices.

Generational differences also emerged showing that younger adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security.

With millennials quickly becoming the largest generation in today's workforce, these trends may impact how employers and technology companies provide access to devices and applications in the near future. Overall, respondents recognized the benefits of biometric technologies like fingerprint readers, facial scans and voice recognition, as threats to their digital identity continue to mount.

Source: https://www.helpnetsecurity.com/2018/01/29/authentication-today/

  • (Score: 1) by anubi (2828) on Tuesday January 30 2018, @09:58AM (#630260)

    Cool!

    My "file" is a copy of a particular version of the Bible, which I can access from nearly anywhere on the internet. Like you say, the main thing is keeping my "processing rules" to myself. With the same goal in mind you just stated... about having a single point of failure negate all my passwords, rendering them unrecoverable, even to me.

    Ideally, I would like any password window to be able to accept the output of my MD5 digester. That way I can have different high-entropy passwords for everywhere. But to me, the password for, say here, would simply be "soylent". And the bank is simply "bank". Just something different so that the hashes I generate will be different. The real core of the thing is like you say, the processing rules "ruleset" is the heart of the security mechanism, which everyone makes for themselves.

    One would have to code the thing themselves so that no automated script can be made to ferret out the critical heart and send it home.

    Scripts correlate code easily to known patterns. Every instance of this thing has got to be unique.

    Otherwise, the whole shebang becomes as fragile as monogenomic corn is to a deliberately engineered corn virus.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 2) by janrinok (52) on Tuesday January 30 2018, @02:28PM (#630360)

    > Ideally, I would like any password window to be able to accept the output of my MD5 digester.

    I deliberately do not do this although I can understand the convenience that it would provide. I would rather cut and paste; the web page only has access to whatever I paste in the window. I could add a few more lines of code so that it is already in the buffer and a Ctrl-V is all that is required. It cannot discover where I get that data from or how it was generated, indeed I can change the location of the program freely as long as I know how to run it. At home, it isn't even running on the same machine that I use to access the internet.

    For example, I have the same program, data and processing rules on a memory stick so that I can travel with it or use another computer other than my own. After I have removed the stick there is nothing on the host machine to compromise it. If the memory stick is lost, stolen or seized by LE it might compromise my random data and processing rules, but without knowing what 'key' I type in to access a specific password it is unlikely to produce the correct data for anyone else. And that is assuming that whoever finds it recognises what it is or what it might be used for.

    If you use the output of MD5SUM someone already knows the length of your password and the valid character set, although that is certainly much more secure than a simple passphrase. However, I realise that many websites only accept a very limited character set anyway. I have also found a few sites that only look at the first n characters so any more than that is ignored. Any additional effort on our part will achieve nothing in terms of additional security. I don't tend to use those sites often as I seriously doubt their commitment to keeping my data safe.

  • (Score: 2) by janrinok (52) on Tuesday January 30 2018, @02:55PM (#630374)

    > One would have to code the thing themselves so that no automated script can be made to ferret out the critical heart and send it home.

    Giving it a bit more thought, the rule set is nothing more than a sequence of numeric values in my program - how they are generated is the key - and the program knows how to interpret them. However, it would be easy for me to add an 'installation key' facility so that any key specified would automatically generate the rule set and a large random data file. The installation key would only be used once (it would be repeatable given the same key on subsequent installations) but would mean that anyone could install the program, choose an installation key, and be good to go with a unique set of random data and rules. Hiding the rules somewhere in the random data set would make them unrecoverable unless one knew where to look for them.

    I might kick this idea around a bit but, for my current needs, it is not necessary.
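
The derivation scheme discussed in the comments above, as an added example that is not code from either commenter: it derives a per-site password from a label such as "soylent" or "bank" plus a private secret, then puts numbers on the point about MD5 hex output and sites that only look at the first n characters. The secret, the function names and the HMAC-SHA-256 wide-alphabet variant are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import string

# Constructed stand-in for the private data file plus processing rules.
SECRET = b"constructed-sample-secret-for-illustration"
# Assumed alphabet for the wider variant: 75 symbols.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def md5_hex_password(label, secret=SECRET):
    """Thread-style derivation: MD5 over secret + site label, as 32 hex chars."""
    return hashlib.md5(secret + label.encode()).hexdigest()


def wide_password(label, secret=SECRET, length=16, alphabet=ALPHABET):
    """Assumed variant: HMAC-SHA-256 keyed by the secret, mapped onto a wider
    alphabet with rejection sampling so no symbol is favoured."""
    limit = 256 - (256 % len(alphabet))  # bytes >= limit would add modulo bias
    out, counter = [], 0
    while len(out) < length:
        msg = f"{label}:{counter}".encode()
        for b in hmac.new(secret, msg, hashlib.sha256).digest():
            if b < limit and len(out) < length:
                out.append(alphabet[b % len(alphabet)])
        counter += 1
    return "".join(out)


def effective_bits(length, alphabet_size, site_keeps=None):
    """Upper bound in bits on what an attacker must search when the site only
    looks at the first `site_keeps` characters. The real figure is also capped
    by the entropy of the secret itself."""
    kept = length if site_keeps is None else min(length, site_keeps)
    return kept * math.log2(alphabet_size)


if __name__ == "__main__":
    for label in ("soylent", "bank"):
        print(label, md5_hex_password(label), wide_password(label))
    print("hex, full length:        ", effective_bits(32, 16))
    print("hex, site keeps 8:       ", effective_bits(32, 16, 8))
    print("75 symbols, site keeps 8:", round(effective_bits(16, 75, 8), 1))
```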