Your post advocates a
□ software □ hardware □ cognitive □ two-factor □ other ___________
universal replacement for passwords. Your idea will not work. Here is why it won’t work:
□ It’s too easy to trick users into revealing their credentials
□ It’s too hard to change a credential if it’s stolen
□ It initiates an arms race which will inevitably be won by the
attackers
□ Users will not put up with it
□ Server administrators will not put up with it
□ Web browser developers will not put up with it
□ National governments will not put up with it
□ Apple would have to sacrifice their extremely profitable hardware
monopoly
□ It cannot coexist with passwords even during a transition period
□ It requires immediate total cooperation from everybody at once
Specifically, your plan fails to account for these human factors:
□ More than one person might use the same computer
□ One person might use more than one computer
□ One person might use more than one type of Web browser
□ People use software that isn’t a Web browser at all
□ Users rapidly learn to ignore security alerts of this type
□ This secret is even easier to guess by brute force than the typical
password
□ This secret is even less memorable than the typical password
□ It’s too hard to type something that complicated on a phone
keyboard
□ Not everyone can see the difference between red and green
□ Not everyone can make fine motor movements with that level of
precision
□ Not everyone has thumbs
and technical obstacles:
□ Clock skew
□ Unreliable servers
□ Network latency
□ Wireless eavesdropping and jamming
□ Zooko’s Triangle
□ Computers do not necessarily have any USB ports
□ SMTP messages are often recoded or discarded in transit
□ SMS messages are trivially forgeable by anyone with a PBX
□ This protocol was shown to be insecure by ________________, ____ years
ago
□ This protocol must be implemented perfectly or it is insecure
and the following philosophical objections may also apply:
□ It relies on a psychologically unnatural notion of
trustworthiness
□ People want to present different facets of their identity in different
contexts
□ Not everyone trusts your government
□ Not everyone trusts their own government
□ Who’s going to run this brand new global, always-online directory
authority?
□ I should be able to authenticate a local communication without
Internet access
□ I should be able to communicate without having met someone in person
first
□ Anonymity is vital to robust public debate
To sum up,
□ It’s a decent idea, but I don’t think it will work. Keep
trying!
□ This is a terrible idea and you should feel terrible.
□ You are the Russian Mafia and I claim my five pounds.
hat tip to the original