Monday, December 10, 2012

Passwords
Versus The Limits of Human Comprehension
Versus The Anti-Security Rats

--
This past week I listened to a US NPR (National Public Radio) program on the Diane Rehm Show entitled 'The Illusion of Online Security'. Despite the fact that the program featured terrific security expert Kevin Mitnick, among others, it was worthless garbage chatter. I personally sent off two simple and direct email questions to the program in order to get the discussion above the level of coffee talk, but both were ignored. I asked about multi-factor authentication, specifically the concept of using something we KNOW, such as a password, and something we HAVE, such as a Yubikey. But apparently, from what little was said about multi-factor authentication, the subject flew far over the heads of everyone in the discussion but Kevin. I felt sorry for Kevin, as he reiterated several times the key problems with today's Internet security, and not once did I have any sense he had penetrated the skulls of the others speaking. I wished I had been there to help Kevin speak to the issues on something closer to the level of their comprehension. But I realized they were simply not going to understand.

The concept of technology being beyond the comprehension of average people is very old. I remember the 1970 book 'Future Shock' by Alvin Toffler. It was a fanciful adventure in FUD, mixed with some bits of actual futurism, designed to sell books. It was also made into a TV special to add illustration to its sensation. One thing it did manage to portray well has been the inability of the human mind to comprehend the full complexity of our world. As we watch the ramifications of the damage our species wreaks upon our miracle planet, how can any of us comprehend a solution beyond our individual lives? It is too much for any one mind to grasp. Similarly, today's technology is well beyond the comprehension of most human beings. Understanding it all is simply NOT going to happen among the average populace. There is no solution any of us can comprehend beyond making certain we are safe and secure within our individual lives.

For those of us who can and wish to understand the issue of passwords on the Internet, I want to pass along a nicely concise article entitled "How Attackers Steal Passwords" by Joe Golton. It is well worth a good read to both yourself and anyone willing to listen. I'll be reading it to the local PC user group where I often teach.

I must add to Joe's list of 9 methods of stealing passwords Number 10: Illegal government surveillance in violation of your personal privacy rights. In the USA this pertains specifically to violation of the Fourth Amendment of the US Constitution. We might as well be realistic. Illegal US government surveillance of US citizens on US soil is a constant, ongoing event at this time. This isn't the place to discuss the politics of why. It is simply a fact we must consider. It is also one reason I will be discussing tools for encryption of personal data in future articles.

Related articles by Joe Golton are:

'A Guide to Using Passwords Without Distraction.'

'Which Password Manager?'

:-Derek
---
