SoylentNews is people
SoylentNews
In a presentation at this year's RSA Conference, taking place in San Francisco this week, Dr L Jean Camp, a professor at Indiana University Bloomington in the US, and her doctoral candidate Sanchari Das, detailed their research into why people aren't using Yubico security keys or Google’s hardware tokens for multi-factor authentication (MFA).
For those who don't know: typically, you use these gadgets to provide an extra layer of security when logging into systems. You enter your username and password as usual, then plug the USB-based key into your computer and tap a button to activate it. The thing you're trying to log into checks the username and password are correct, and that the physical key is valid and tied to your account, before letting you in.
That means a crook has to know your username and password, and have your physical key to log in as you. We highly recommend you investigate activating MFA on your online accounts, particularly important ones such as your webmail.
What the pair found during their research work derails any previous assumptions that the lack of MFA uptake is because people are stupid, or can't use the technology. What it comes down to is education and communicating risk.
(Score: 0) by Anonymous Coward on Thursday March 07 2019, @08:14AM
Do not we mean, sit up, bend over, give us the retinal scan, the Colonic Polyp schematic, and your maiden's mother's name, and the name of your first pimple. Security is starting at the wrong end with this, if they cannot secure a username/password combination, why in the world would I trust them with more definitively identifying information? I mean, once you know that this is Runaway1956 posting as AC, and that I have had sex with animals, and my back account if full of Rubles, what more could you do to me? Please, catch me, expose me, arrest me! Take away my VA benefits! Forbid me to wear the uniform! Change my name to aristotle, for the win! Seriously! Halp!!!!