Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schneier On Un-Authentication

Posted by CmdrTaco on from the gimme-back-my-keys dept.

Trailrunner7 writes "Bruce Schenier writes on Threatpost.com: 'In computer security, a lot of effort is spent on the authentication problem. Whether it is passwords, secure tokens, secret questions, image mnemonics, or something else, engineers are continually coming up with more complicated — and hopefully more secure — ways for you to prove you are who you say you are over the Internet. This is important stuff, as anyone with an online bank account or remote corporate network knows. But a lot less thought and work have gone into the other end of the problem: how do you tell the system on the other end of the line that you are no longer there? How do you un-authenticate yourself? My home computer requires me to log out or turn my computer off when I want to un-authenticate. This works for me because I know enough to do it, but lots of people just leave their computer on and running when they walk away. As a result, many office computers are left logged in when people go to lunch, or when they go home for the night. This, obviously, is a security vulnerability.'"

2 of 336 comments (clear)

  1. Re:I lock my computer when I walk away by MozeeToby · · Score: 0, Flamebait

    Windows-L is even easier in Windows.

    I would think this is the easiest security problem in the world to solve. If no activity for X minutes, lock the PC and send an email reminder to the user that says "Hey Dumbass, lock your PC when you leave".

  2. Re:Effective way to keep screens locked by commodore64_love · · Score: 0, Flamebait

    >>>if you find an unlocked machine, pull up the email client and send a message to everyone: "today's my birthday, drinks on me after work!"

    When I was in college, I used to get free printouts from people who left their computers turned-on and logged-in. For example I was part of a club that ran off ~1000 flyers each month to advertise various events. I would create the flyers in advance and then simply carry a disk around until I saw a turned-on computer. I would surf the net for a half hour, waiting to see if the delinquent student, and if not then I'd start printing.

    I bet after mommy/daddy received the $100 bill, that student learned not to walk away until the computer was OFF.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall