
BLU Discuss list archive



[Discuss] KeePassX



Rich P wrote:
> You
> personally can remember your commonly-used passwords. Can you honestly
> and truthfully say that about every person in the world? No, you can't.
> The rules of the experiment are there to put you in the position of
> someone who can't remember their commonly used passwords, never mind the
> infrequent ones, and may have difficulty remembering or entering their
> vault password.

There was a business opportunity a long time ago to create single-signon for
"The Internet".  I remember a 1995 talk (in Boston no less) by Bill Gates who
described this opportunity, with the seeming assumption that his company would
be the one to introduce it.  Maybe VeriSign could've actually pulled it off.

But now we've got a plethora of "single"-signon services such as the widely-
but not universally-supported Facebook Connect.  (My current employer uses one
from Okta.)  Early efforts like that of Microsoft attempted to monetize it
directly; more recent ones are trying to gather personal data.  Users have
long since stopped believing this is a problem that can be or needs to be
solved, as they merrily click on a hundred different websites daily, typing
"abc" or "000" to enter each.

What I found is that my old method of memorizing individual passwords for
"important" accounts and using an easy-recall common password for less-used
ones broke down once I got beyond about 20 of the "important" ones.  Now that
the entire corporate world is online, the sheer number of individual passwords
has grown (for me) beyond 50.

As someone else here noted, the "unimportant" accounts can be used to
impersonate you:  an attacker can gather personal data about you from one
source (a Facebook page, the BLU webserver, or wherever) to learn the names of
people you know, and then break into a rarely- or never-used account of yours
to target them (which may be a sophisticated enough scam to pull you yourself
into whatever scheme got dreamed up, by infiltrating your trusted circle of
people).

Knowing all this, and knowing that most people have just plain given up trying
to follow best practices, I've been recommending LastPass.com to my
non-technical friends: but their service isn't free on mobile phones so I'm
looking for a new recommendation.  More and more Internet usage is dropping
off the desktop where so many of these tools are confined.  Developing and
maintaining a tool that works well enough across all devices (and is centrally
available in The Cloud where it can support all the keyboards/keypads you use)
is an exceedingly expensive proposition that the open-source community has
thus far been unable to address sufficiently.

-rich





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org