Password safes &c. (was: Dear Linkedin,)
Andrew Sullivan
asullivan at dyn.com
Fri Jun 8 20:48:38 UTC 2012

On Fri, Jun 08, 2012 at 01:30:42PM -0700, Michael Thomas wrote:
> PS: when security is hard, people simply don't do it.

I think this is exactly right.

The idea that we are going to train everyone on earth to keep eleventy
billion distinct passwords in their heads -- or in a "password safe"
that is either (1) under someone else's control because it's a web
service or (2) inaccessible half the time because it's on their laptop
and they're using their phone now and OMG -- is preposterous. (This
without mentioning that they also have to remember the username that
goes with it, which is _also_ variable.)

We have an engineering challenge here, and the PKI we have so far
doesn't work. No, I have no magic answers. I'm not that smart.
Michael Thomas is still right about this.

Best,

A

--
Andrew Sullivan
Dyn Labs
asullivan at dyn.com