Discussion on:
View:
Show:
along with the Google Glass project. The possibility of "remote stalking" and knowing "for sure" that you are away from home are just two quick thoughts. We will need to drop legacy software/apps/thinking and move to a new level of security. Brave new world - here we come.
I think we need to look at this whole subject in some new ways.
There are several aspects to this:
1. What gets stored on network servers.
2. How important it really is to keep some data protected or secure.
3. What we can actually do about crime on this planet. We are reaching the limit on how much crime can be tolerated in society without it caving in. There are ways beyond psychology and ordinary justice systems to understand the destructive urge of certain members of the population and how to get it (them) under better control.
4. Putting individuals more in control of their own data with truly innovative, decentralized security systems, such as storing the most personal data only in a personal "wallet" that a person is responsible for keeping safe and using whenever he needs access to personal data stored on internet servers.
Part of the problem is that governments and companies want to keep so much personal information about citizens and customers in their own central databases. We need to take a good hard look at whether this model is really necessary to run a government or a business and whose interests it actually serves.
There are several aspects to this:
1. What gets stored on network servers.
2. How important it really is to keep some data protected or secure.
3. What we can actually do about crime on this planet. We are reaching the limit on how much crime can be tolerated in society without it caving in. There are ways beyond psychology and ordinary justice systems to understand the destructive urge of certain members of the population and how to get it (them) under better control.
4. Putting individuals more in control of their own data with truly innovative, decentralized security systems, such as storing the most personal data only in a personal "wallet" that a person is responsible for keeping safe and using whenever he needs access to personal data stored on internet servers.
Part of the problem is that governments and companies want to keep so much personal information about citizens and customers in their own central databases. We need to take a good hard look at whether this model is really necessary to run a government or a business and whose interests it actually serves.
One cannot isolate the problem or encourage awareness with misinformation.
"So while the company was claiming that this generated password would only be usable from a single app, this was not exactly the case."
Google never said you couldn't use it for more than one applicaiton. They said you shouldn't. They said it wasn't designed to be used for more than one app--hence the "application specific" part of it. That does not, however, compensate for these the fact one could reverse engineer the passwords.
With so many anecdotes and news stories about iCloud accounts being hacked, I am left to wonder why people still use them.
That said, it's still only a mediocre solution (at best).
@l_e_cox: The problems in society are caused by relative social disparity, which in turn are the result of artificial and real scarcity and a lack of any effective system for resource life-cycle management. In other words, it all boils down to economics.
Also, making the individual responsible for their online security is only effective once that individual is aware of the importance of this responsibility. Since the majority of Internet users are not aware, don't understand, and/or don't care, a solution such as a virtual wallet is ineffective. It comes down to education. Such a solution is more beneficial to those who would seek to gain access to a high profile individual's data (because such an individual would likely be less intersted in anyone else)...as one could attack the individuals "wallet" without collateral damage.
Breaking down the proprietary borders between authentication and authorization sites is the first and most troublesome step to resolving the bulk of technical security problems. End the end, it's still about economics and education.
"So while the company was claiming that this generated password would only be usable from a single app, this was not exactly the case."
Google never said you couldn't use it for more than one applicaiton. They said you shouldn't. They said it wasn't designed to be used for more than one app--hence the "application specific" part of it. That does not, however, compensate for these the fact one could reverse engineer the passwords.
With so many anecdotes and news stories about iCloud accounts being hacked, I am left to wonder why people still use them.
That said, it's still only a mediocre solution (at best).
@l_e_cox: The problems in society are caused by relative social disparity, which in turn are the result of artificial and real scarcity and a lack of any effective system for resource life-cycle management. In other words, it all boils down to economics.
Also, making the individual responsible for their online security is only effective once that individual is aware of the importance of this responsibility. Since the majority of Internet users are not aware, don't understand, and/or don't care, a solution such as a virtual wallet is ineffective. It comes down to education. Such a solution is more beneficial to those who would seek to gain access to a high profile individual's data (because such an individual would likely be less intersted in anyone else)...as one could attack the individuals "wallet" without collateral damage.
Breaking down the proprietary borders between authentication and authorization sites is the first and most troublesome step to resolving the bulk of technical security problems. End the end, it's still about economics and education.
Actually there are some crazy Estonians who are working on a solution for all the password problems. Besides that their solution doesn't need users private information like OAuth or OpenID and it can act as Virtual Identity Card
You can check it out here:
www.keylessid.com
You can check it out here:
www.keylessid.com
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
