Arriving at work this morning, I find myself locked out of my account yet again, and with that I begin to think about the blatant failure of passwords as an authentication technology. It's time to start thinking about something better.
Hit your favorite search engine with "Passwords suck" and you can be entertained for hours, amused because so many other people share your frustration. In the IT space, however, it is a genuine problem: passwords suck, they do not do what we need, and they stop users from doing what they need. Here, substitute "me" for "users". I should not have to lose 15 minutes every morning getting my account unlocked, followed by an hour writing this up afterwards...
Find the offending machine and set the
Yeah, been there, done that. The offending machine was in my office, identified by name and IP address, and I turned it off for a day to prove it. After clearing its remembered passwords I was still getting locked out, so I brought out the big guns and formatted the whole box. Of course, I had to reload everything, but hey, a fresh start is good from time to time. No more remembered passwords!
That was good for 2 weeks; now I'm locked out again, and no, I have not changed my password. Maybe they really are out to get me? Let's get back on track.
I do not pretend this is my IT org's fault; it is not. They use the best technology the industry has to offer, and I say this technology is clearly insufficient. Since I'm part of the "industry", I blame myself. The first rule of leadership: it's all your fault...
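The "find the offending machine" step above is worth automating. As an added example that is not from the original post, the script below parses a constructed, simplified text rendering of Windows Security event 4740 ("A user account was locked out") and reports which Caller Computer Name is locking out each account; the field names follow the real event, the account and machine names are made up.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: simplified text rendering of Security event 4740, one event
# per block. Field names match the real event; the values are invented.
SAMPLE_EVENTS = """\
EventID: 4740
Account Name: jnorth
Caller Computer Name: WKSTN-OLD-BOX

EventID: 4740
Account Name: jnorth
Caller Computer Name: WKSTN-OLD-BOX

EventID: 4625
Account Name: someone
Caller Computer Name: LAPTOP-7

EventID: 4740
Account Name: jnorth
Caller Computer Name: LAPTOP-7
"""

def parse_events(text):
    """Split the text into blank-line-separated events; return a list of field dicts."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def lockout_sources(text):
    """Map each locked-out account to a Counter of caller computers (event 4740 only)."""
    sources = defaultdict(Counter)
    for ev in parse_events(text):
        if ev.get("EventID") == "4740":  # ignore plain failed logons (4625) and others
            sources[ev["Account Name"]][ev["Caller Computer Name"]] += 1
    return sources

def most_likely_culprit(text, account):
    """Return (computer, count) for the machine most often locking out `account`, or None."""
    counts = lockout_sources(text).get(account)
    return counts.most_common(1)[0] if counts else None
```

Pointing the same logic at the domain controllers' exported 4740 events gives the stale-credential machine directly, instead of a day of guesswork with the box switched off.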
Two factors and three factors
Here inside Citrix, we have two-factor hardware tokens with PINs. We also use text passwords with the standard complexity-rule requirements. This is like "factor 3".
Of course, the two-factor devices, RSA's included, have had some problems, but the idea of two-factor authentication actually works. I have a PIN which never changes, so it is easy to remember. As with all two-factor schemes, I also have a physical thing that I "have". Put them together... and it's quite safe.
Inside the company, I mean once you are in, we use passwords, just passwords. Today, I suggest that passwords suck and that instead of passwords we should always use two factors... and never use a password. More importantly, you should never ask users to remember a complex string of at least 8 characters, with capitals, lowercase letters, numbers and special characters, then tell them not to use the same password on more than one computer, or to write it down!
Of course I wrote it down! How do you think I remembered how to type it in!!
Biometrics
We can remove the text password and still have 3 factors by adding biometrics to two-factor authentication. Here I propose using blood type. This is not guaranteed, but there are many A, B, O, +, - combinations, and it is yet another line of defense. We would know not only that the right PIN was typed, but that a user with the right blood type was the one who typed it. See, we prick the finger at a random point while the PIN is being typed, and that means the person who typed the PIN *IS* the right person. Taking this further to add DNA recognition is only a matter of time. Of course, fingers get sore from all the pricking, but it is low cost.
What is better
The answer is probably smart cards. In a way, this is the same as the conventional two-factor "key fob" devices, but better. Both work. BUT, if I pass the smart card test, DO NOT ask me to remember or input a password. It is simply not worth it! At least that is my feeling at the moment. Do you agree? Is the same true for two-factor FOBs? SMS message systems?
Conclusion
I hope this can generate a good conversation. I'm pretty much done with passwords, but in reality I do not have a better answer. Nobody in computing does, in fact. BUT, we have to start thinking in this direction because the current system... sucks.
Why hasn't the world gone nuts over smart cards? Must be the cost. Is this the global federated identity change for the Internet, with a single place to authenticate and a single smart card to do it?
Not sure I want to be tracked that much, or be subject to a single point of denial of service. Maybe passwords are the best answer.
Joe North