Identify yourself! There has to be a better way


16 Replies - 4112 Views - Last Post: 19 July 2013 - 10:12 AM

#16 baavgai


Re: Identify yourself! There has to be a better way

Posted 19 July 2013 - 09:50 AM

ccubed, on 19 July 2013 - 11:16 AM, said:

1) Teach users


Yeah... Here on planet Earth, it has been proven ad nauseam that users are, by definition, unteachable. Assuming that they are educable is a profound security hole in its own right.

More, if you enforce security protocols on users, they'll usually react by taping the 16 letter super secure password to the bottom of their keyboard. Working with users means giving them something they're willing to deal with. Or, at the very least, can't circumvent.

One method of "more secure than the user wants to be" are tokens. Their password can be 1234 but that little fob thingy is more secure than they are. Users hate them, actually. But, they're secure.

#17 ccubed


Re: Identify yourself! There has to be a better way

Posted 19 July 2013 - 10:12 AM

baavgai, on 19 July 2013 - 10:50 AM, said:

One method of "more secure than the user wants to be" are tokens. Their password can be 1234 but that little fob thingy is more secure than they are. Users hate them, actually. But, they're secure.


Until you find out that those tokens either rely on a server to generate a code, or generate a code themselves based on a predetermined algorithm, or generate a code based on a predetermined algorithm based on the input of a number that came from the server you're logging into.

Conceding tokens are nice and probably more secure than the average user, not conceding they're a solution to anything.

Also wasn't implying we could teach users, was just saying in a perfect world to fix verification we need to. :)
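The token designs discussed in the last two posts, as an added example that is not part of the thread: a counter-based code (HOTP, RFC 4226), a time-based code (TOTP, RFC 6238), and a simplified challenge-response variant, with the server-side check that recomputes each code from the same shared secret. `SHARED_SECRET` is the published RFC 4226 test key; `challenge_response` and `server_verify` are hypothetical names and the challenge scheme is an illustration, not a standard.

```python
import hashlib
import hmac
import struct

# Constructed sample secret: the ASCII test key from RFC 4226 Appendix D.
SHARED_SECRET = b"12345678901234567890"


def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: pick 31 bits at an offset chosen by the MAC."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Token generates the code itself from a predetermined algorithm and a counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Same algorithm, but the counter is the current 30-second time window."""
    return hotp(secret, unix_time // step, digits)


def challenge_response(secret: bytes, challenge: bytes, digits: int = 6) -> str:
    """Illustrative only: code derived from a number the server sent to the user."""
    return _truncate(hmac.new(secret, challenge, hashlib.sha1).digest(), digits)


def server_verify(secret: bytes, submitted: str, unix_time: int,
                  step: int = 30, window: int = 1) -> bool:
    """Server recomputes codes for adjacent time windows (clock drift) and
    compares in constant time. It can only do this because it holds the same
    secret as the token, so the server's key store is part of the trust base."""
    current = unix_time // step
    ok = False
    for counter in range(max(0, current - window), current + window + 1):
        ok |= hmac.compare_digest(hotp(secret, counter), submitted)
    return ok
```

In all three variants the code is a deterministic function of a secret known to both the fob and the verifying server, so protecting the server-side copy of that secret matters as much as the fob itself.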