[Discuss] A Little OT: The Password Post-It
Tom Metro
tmetro-blu at vl.com
Fri Apr 20 21:16:45 EDT 2012
Richard Pieri wrote:
> In the typical case, a two-factor system uses a security token of
> some sort and a code to unlock that token to make it useful.
It is arguable whether that is typical. The systems I have heard of,
which have been deployed for large scale sites, like PayPal, spit out a
code when you press a button (such as the Verisign "football" and
successors). You don't "unlock" them. Others have you insert a smart
card, USB key, or send you code via SMS to your cell phone. None of
these require unlocking the security device.
1. https://idprotect.verisign.com/orderstart.v
Without evidence to the contrary, I'd assume measured by volume of units
deployed that the non-password requiring security devices outnumber the
ones that do need to be unlocked.
But this is beside the point, because...
> Problem: users forget their passwords so they write them down on
> post-it notes. What reason do you have to expect anything different
> for the token unlock codes?
You are arguing a negative for a system that is different from what I
proposed. I agree with you that the system you describe has the same
problem, but it is irrelevant.
> In the...case where the token's proximity is required in
> addition to the desktop password, we still have users writing their
> passwords on post-it notes and sticking them on their monitors.
As stated in the previous post, two-factor helps somewhat mitigate the
use of weak passwords, thus you can relax your password rules and permit
users to pick something they find memorable. Thus minimizing the use of
post-it notes.
> You can layer more and more complexity in order to cover these
> loopholes and improve your warm, fuzzy feeling of security. Or you
> can do something simple: lock the door. Maintain good physical site
> security. Then it won't matter if users write their passwords on
> post-it notes. If attackers can't gain physical access then those
> post-its do them no good. Problem solved.
True, you should do that too, if practical.
But in general, you want to strive for the maximum security benefit for
a given level of user cost (inconvenience). If adding Bluetooth
proximity increases your security while minimally impacting user
inconvenience, then it is a win. If you don't believe that to be the
case, then use something else...
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
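Added example (not part of the thread or either poster's own code) showing the server-side arithmetic behind the press-a-button tokens described above: the code is HOTP/TOTP (RFC 4226/6238) over a shared secret and a time counter, and the login check requires both a password and a current code, so a memorable but weak password is not sufficient on its own. The secret is the RFC 6238 Appendix B test secret; the account record, password, salt and timestamps are constructed for the demo.

```python
"""Password + time-based one-time code check (RFC 4226/6238 arithmetic).

Added illustration, not code from the mailing-list thread. The token secret is
the RFC 6238 test vector; everything else is constructed for the demo.
"""
import hashlib
import hmac
import struct

STEP = 30    # seconds per TOTP window (RFC 6238 default)
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """TOTP (RFC 6238): HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits)


def match_totp(secret: bytes, code: str, unix_time: int, window: int = 1,
               step: int = STEP, digits: int = DIGITS):
    """Return the counter whose code matched within +/- `window` steps, else None.

    Clock drift between token and server is tolerated by checking neighbouring
    windows; the comparison is constant-time and scans every candidate.
    """
    centre = unix_time // step
    matched = None
    for counter in range(centre - window, centre + window + 1):
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            matched = counter
    return matched


class Account:
    """Constructed demo record: a password hash plus the token's shared secret."""

    def __init__(self, password: str, token_secret: bytes):
        self.salt = b"constructed-salt"   # a real system uses a random per-user salt
        self.pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        self.token_secret = token_secret
        self.last_counter = -1            # replay guard: each code is accepted once

    def login(self, password: str, code: str, unix_time: int) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        pw_ok = hmac.compare_digest(candidate, self.pw_hash)
        counter = match_totp(self.token_secret, code, unix_time)
        # Both factors are evaluated before deciding, so a wrong password does
        # not short-circuit the check; a reused code fails the replay guard.
        if not pw_ok or counter is None or counter <= self.last_counter:
            return False
        self.last_counter = counter
        return True


RFC_SECRET = b"12345678901234567890"   # RFC 6238 Appendix B test secret

if __name__ == "__main__":
    acct = Account("summer2012", RFC_SECRET)   # weak but memorable password
    now = 1111111109                           # one of the RFC 6238 test times
    code = totp(RFC_SECRET, now)
    print("code for this window:", code)
    print("password + code:", acct.login("summer2012", code, now))
    print("same code replayed:", acct.login("summer2012", code, now))
    print("password alone (guessed code):", acct.login("summer2012", "000000", now))
```

The point the example makes for the post-it argument: the code on the note changes every thirty seconds and is tied to a secret the attacker does not hold, so the password written down beside it is only half of what the login requires.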