So, you think your password provides you with privacy. It doesn’t.
At some price, a hacker can get at your secrets.
The key words are “at some price.” How much is some hacker willing to spend to hack you? Why?
Some people need protection. But life is short. Why would anyone with the valuable skill of hacking bother with you?
A long article in Wired shows how we are all vulnerable. It also reveals that there is no solution today. It offers this pie-in-the-cloud-bye-and-bye assessment
The other thing that’s clear about our future password system is which trade-off—convenience or privacy—we’ll need to make. It’s true that a multifactor system will involve some minor sacrifices in convenience as we jump through various hoops to access our accounts. But it will involve far more significant sacrifices in privacy. The security system will need to draw upon your location and habits, perhaps even your patterns of speech or your very DNA.
We need to make that trade-off, and eventually we will. The only way forward is real identity verification: to allow our movements and metrics to be tracked in all sorts of ways and to have those movements and metrics tied to our actual identity. We are not going to retreat from the cloud—to bring our photos and email back onto our hard drives. We live there now. So we need a system that makes use of what the cloud already knows: who we are and who we talk to, where we go and what we do there, what we own and what we look like, what we say and how we sound, and maybe even what we think.
That shift will involve significant investment and inconvenience, and it will likely make privacy advocates deeply wary. It sounds creepy. But the alternative is chaos and theft and yet more pleas from “friends” in London who have just been mugged. Times have changed. We’ve entrusted everything we have to a fundamentally broken system. The first step is to acknowledge that fact. The second is to fix it.
Nowhere in the article does it ask: “At what price?”
Any article that proposes a problem should ask: “At what price?” Any article that offers a hypothetical solution should ask: “At what price?”
I have a solution that will eliminate 99.9% of password hacks. It’s easy. It’s effective. You will not forget it. I mailed it in September as a Tip of the Week.