Multiple Factors to the Password Rescue!

Any password-reset system that will be acceptable to a 65-year-old user will fall in seconds to a 14-year-old hacker.

Remember Mat Honan? Yeah, the Wired guy who got hacked. In the aftermath of somebody somewhat popular and well-known on the Internet, guides on how not to get hacked popped up. Most of them weren’t that good, so I wrote up what I felt they were lacking.

Now Mat Honan’s back and campaigns for password-less systems. Why?
He says he could get into your account. He’s probably right. Truth is, what makes you and me ‘safe’ nowadays ist mostly that people capable of messing with our data in a sophisticated way find well-paid employment in some state department/agency or organised crime and work on juicier targets. But that’s not what you could call a real ‘defense’, so back to topic:
After the mandatory mentioning of how stupid it is to use unsafe or the same passwords over and over again, and how it has been shown that’s what everybody does anyway, it gets interesting.

Honan says we have to go beyond safe passwords, safe secondary email addresses, two factor authentication and all the measures that make life online safer, but not really safe. He pledges for more than one or two factors, throws in biometrics and behavioral data, and social factors like confirmation through friends by photo if you suddenly log into your bank account from the bahamas.
Yes, why not use location data? This is a good example for another point Honan makes: Increased security will only come with decreased privacy and/or convenience.

The other thing that’s clear about our future password system is which trade-off—convenience or privacy—we’ll need to make. It’s true that a multifactor system will involve some minor sacrifices in convenience as we jump through various hoops to access our accounts. But it will involve far more significant sacrifices in privacy. The security system will need to draw upon your location and habits, perhaps even your patterns of speech or your very DNA.

We should acknowledge that and use whatever new security system is made available. And be smart by using the established ones to be as safe as possible. Honan’s article raises awareness of the fact that we have to live with drawbacks in coomfort if we want to stay safe, which is very important.

via