Mar. 18th, 2015

teradyneezeri: (Default)
I am making this simply to get these thoughts out of my head. These are the more safe-for-work things I want to get eventually, and I will keep it updated whenever I think of other things I want.
  • Surface Pro tablet
  • LG Fx0 Firefox OS phone
  • Lifetime Pro account for Trillian ($60)
  • 4 x 4GB PC2-3200 Registered ECC memory (HAS to be Registered ECC) for Dell PowerEdge 1850
  • Books by Bernard Doove (I already have "Life's Dream" and "Transformations")
  • Year of Evernote Premium
  • "Head First JavaScript" and "Head First JQuery" (physical books)
  • Fursuit of my "Type G" white gryphon form from my Omega Wars universe
  • Custom gas mask from WildGasMasks

teradyneezeri: (mecha)
Today, I noticed that Yahoo has a new option for security called "Passwords On Demand". Rather than entering a password you know, it sends you a one-time password through an SMS message on a verified mobile phone. Seeing that I have two-factor authentication on anything that has the option, including my Yahoo account, I thought little of it.

Then I began listening to Security Now episode 499, and Steve Gibson spoke of the feature. Leo Laporte mentioned that it is actually less secure, at which point Steve agreed that it is less secure simply because of the fact that someone from the government or a hacker could simply put malware on your phone to intercept your text messages, or simply obtain your phone to log in.

Deciding to give it a shot and see what it does, I swiftly changed my password options to use it. I received a one-time password consisting of eight letters, which I used to log in. That is when it dawned on me that this is not for people like Steve Gibson, who are security-savvy, or even myself, who happens to be tech-savvy. This is for people who have issues remembering passwords and end up writing them down somewhere, and do not want to bother with two-factor authentication. It is for the normal user who simply does not want to be bothered with advanced security.

In many ways, it is a brilliant solution for people who need something like it without wanting to bother with remembering a password, or the hassle of using LastPass or KeePass--and even though I use KeePass, I honestly find it annoying. Even two-factor takes so much time, when I would rather be dealing with other things or actually writing down information instead of wasting time to log in.

Once again, I feel like experts are blinded by their own ideals, seeing only one side of a multi-sided issue. I will not comment on the fact that there was technically a conflict of interest when Steve started talking about his own product, as I will not argue that his SQRL product is a safer option. Steve is very professional in that regard, and I have no doubt that he was aware of the CoI issue.

Regardless, I believe that many within the tech industry will needlessly attack this idea as "bad", despite its actual use case for real security. It is rather sad, as this means that good ideas can be ruined very quickly. We shall see what it brings, though.

Page generated Sep. 20th, 2017 01:02 pm