NYT Password Security Discussion Overlooks Universal Logins

← Back to Stories (view on slashdot.org)

NYT Password Security Discussion Overlooks Universal Logins

Posted by timothy on Tuesday September 7, 2010 @04:02AM from the your-voice-is-your-password dept.

A recent NYT piece explores the never-ending quest for password-based security, to which reader climenole responds with a snippet from ReadWriteWeb that argues it's time to think more seriously about life beyond passwords, at least beyond keeping a long list of individual login/password pairs: "These protective measures don't go very far, according to the New York Times, because hackers can get ahold of passwords with software that remotely tracks keystrokes, or by tricking users into typing them in. The story touches on a range of issues around the problem, but neglects to mention the obvious: the march toward a centralized login for multiple sites."

6 of 127 comments (clear)

Min score:

Reason:

Sort:

In matters of security by Pojut · 2010-09-07 04:06 · Score: 4, Insightful

In matters of security, the most important tool anyone can have is common sense. Phishing scams, "dangerous" websites, revealing important information willy nilly...all things that cause major problems in the digital world, and all things that could be almost completely avoided if common sense was more prevalent.
Granted, some people "don't know any better"...but that's why you educate those types of people if you know any.

--
Living With a Nerd
1. Re:In matters of security by PPH · 2010-09-07 05:01 · Score: 4, Insightful
  
  My credit card company (Visa) calls me occasionally about suspicious activity on my card. When they leave a message, the number they leave is NOT the same as the customer service number on the back of my card.
  It's been explained to me that this number gets me to the same place as the customer service number with a few less steps. But I've told them that I'll never call anything other than the number on the card. And that its a really bad idea to train customers to return calls to just any number and expect them to identify themselves with SSNs, relatives names, and provide their card number.
  If anyone is supposed to be smart enough to figure social engineering attacks out, it should be Visa and their ilk.
  
  --
  Have gnu, will travel.
Idiots by The_mad_linguist · 2010-09-07 04:06 · Score: 5, Funny

Why don't you hunter2s shut the hunter2 up!
Torn by esocid · 2010-09-07 04:08 · Score: 4, Insightful

I'll admit, I feel torn when I see that OpenID login. Increase my chance of giving someone access to everything? Or make it simple?
In the end I compromise and simply use a variation of one password for those.

There is the problem with centralized logins: the masses don't consider the first part, and only think of the convenience.

--
Absolute power corrupts absolutely. indymedia
1. Re:Torn by houghi · 2010-09-07 05:12 · Score: 4, Informative
  
  There used to be a time that you could easily host your own OpenID with e.g. http://siege.org/phpmyid.php
  You point to http://yoursite.example.com/ instead of the one from Google or any other OID provider.
  That way you limit the chance of giving somebody else access as you manage your own login and password.
  Some others might be found here : http://openid.net/developers/libraries
  
  --
  Don't fight for your country, if your country does not fight for you.
Re:Wait.... by Pieroxy · 2010-09-07 04:57 · Score: 4, Funny

Better yet! I can post my bank account balance on facebook in one click! And my actions portfolio! My credit rating! Yeeeeeaaah!!!!

--
Write boring code, not shiny code!