SoylentNews is people

posted by Fnord666 on Tuesday January 30 2018, @04:41AM
from the isn't-it-about-time-to-move-on dept.

Submitted via IRC for TheMightyBuzzard

A global study from IBM Security examining consumer perspectives around digital identity and authentication today found that people now prioritize security over convenience when logging into applications and devices.

Generational differences also emerged, showing that younger adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security.

With millennials quickly becoming the largest generation in today's workforce, these trends may impact how employers and technology companies provide access to devices and applications in the near future. Overall, respondents recognized the benefits of biometric technologies like fingerprint readers, facial scans and voice recognition, as threats to their digital identity continue to mount.

Source: https://www.helpnetsecurity.com/2018/01/29/authentication-today/


  • (Score: 2) by DannyB (5839) on Tuesday January 30 2018, @05:19PM (#630469)

    Security vs Convenience.

    Someone else already pointed out how these are a tradeoff.

    I'll give an actual example.

    I build a web application. People testing need to log in to it fifty times a day. So I built a feature where the server can be configured with pre-set credentials. When the login page is displayed, the name / password are pre-filled out with the configured values. This does NOT make those configured values valid. It just means you don't have to type them in. The server's configuration is only controllable by the server's owner. (And if not, then you've already got bigger problems.) It is still necessary to know credentials to put them into the config file. On test servers, these credentials don't provide access to anything but test data. Production servers are never configured this way. (And again, if an outsider knew valid credentials, and the config file could be manipulated by an outsider, then you've already got bigger problems.) There is also a compile time feature which determines if a compiled server even has this configuration feature available. Various development and testing features are controlled by compile time flags -- which the "About page" will indicate as flags in the version information so it is possible to detect a misconfiguration of the compilation stage of the build.

    The feature has one more thing in addition to the name / password. It has an "autologin" flag. That way when testing, it is not necessary to visit the login page. Just accessing any bookmarked URL, which normally would route you through the login procedure first, ultimately gets you automagically logged in, and routed back to the bookmarked action you are testing.

    This is an example of security versus convenience. I built a convenience that can be configured to bypass security, for internal porpoises.

    --
    The lower I set my standards the more accomplishments I have.
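
The safeguards DannyB describes (a compile-time switch for the test-login feature, build flags shown on the About page, and never configuring it on production) can be checked in code at startup and at release time. The following is an added example, not code from the comment or its author; the flag names, config keys, `environment` value and version-string format are all assumptions.

```python
# Added illustration. Flag names, config keys and the version format are hypothetical.
from dataclasses import dataclass

DEV_FLAGS = frozenset({"TEST_LOGIN"})  # build flags that must never reach production


@dataclass(frozen=True)
class Build:
    version: str
    flags: frozenset  # fixed when the server was compiled

    def about_string(self) -> str:
        # The About page lists build flags so a wrong build is visible at a glance.
        if not self.flags:
            return self.version
        return f"{self.version} [{','.join(sorted(self.flags))}]"


def parse_about_flags(about: str) -> frozenset:
    """Recover the flag set from an About-page version string."""
    if "[" not in about or not about.endswith("]"):
        return frozenset()
    inner = about[about.index("[") + 1:-1]
    return frozenset(f for f in inner.split(",") if f)


def release_gate(about: str) -> list:
    """Dev flags found in a candidate production build; empty means it may ship."""
    return sorted(parse_about_flags(about) & DEV_FLAGS)


def login_prefill(build: Build, config: dict) -> dict:
    """Decide what the login page may prefill, or raise on a misconfiguration."""
    keys = ("test_user", "test_password", "autologin")
    if not any(k in config for k in keys):
        return {"prefill": None, "autologin": False}
    if "TEST_LOGIN" not in build.flags:
        # Assumed policy: stray test keys on a build without the feature are an error.
        raise RuntimeError("test-login keys present but feature not compiled in")
    if config.get("environment") == "production":
        raise RuntimeError("test-login configured on a production server")
    # Prefill only: the values are still submitted through the normal login check.
    return {"prefill": (config.get("test_user"), config.get("test_password")),
            "autologin": bool(config.get("autologin", False))}
```

Running `release_gate` against the About string of a release candidate turns the "detect a misconfiguration of the compilation stage" check into something a build pipeline can fail on.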