Monday, December 27, 2010

Emperors and airports

"Proper and effective security requires multiple layers of systems, procedures and policies that are interlaced and constantly monitored," the airport said. "The vast majority of the widespread layers of this security program are behind the scenes and transparent to casual observers."  -- SFO flunky quoted at the end of this CNN article.

Turns out, the emperor wasn't naked.  His clothes were just transparent to casual observers.

Monday, December 20, 2010

Why let users choose their passwords?

As the release notes for the Gawker debacle illustrate, users make up sucky passwords.  Maybe the real lesson is that users should not be allowed to produce their own passwords.  Instead, websites should auto-generate passwords for users --- passwords that have real complexity, rather than "password" or "123456".   

Sure, this would force most users to write their passwords down --- or keep them in something like KeePass --- but that pushes the point of failure to the user.  The overall risk is way lower than the risk that all 50 websites for which said user used an identical, identically-lame password will remain indefinitely uncompromised.
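Server-side generation of the kind of password the post argues for, as an added example that is not part of the original post. It draws each character from a CSPRNG (Python's `secrets` module), sizes the password to reach a minimum entropy, and shows the same entropy arithmetic applied to user-chosen strings such as "password" and "123456". The 80-bit threshold and the small list of weak choices are constructed for illustration, not taken from the post or from the Gawker data.

```python
import math
import secrets
import string

# Alphabet for generated passwords: letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample of the choices users make when left to pick for themselves.
COMMON_WEAK = {"password", "123456", "qwerty", "letmein", "monkey"}


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy (bits) of a string of `length` symbols drawn uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def generate_password(min_bits: float = 80.0) -> str:
    """Return a uniformly random password carrying at least `min_bits` of entropy.

    Uses secrets.choice (cryptographically secure), never random.choice.
    Length is the smallest integer whose entropy bound reaches min_bits.
    """
    length = math.ceil(min_bits / math.log2(len(ALPHABET)))
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def password_is_acceptable(pw: str, min_bits: float = 80.0) -> bool:
    """Server-side check: reject known weak choices and anything too short to reach min_bits.

    The entropy figure is an upper bound (it assumes every character was drawn
    uniformly from the full alphabet); a human-chosen string is normally far below it,
    so this check is lenient rather than strict.
    """
    if pw.lower() in COMMON_WEAK:
        return False
    return entropy_bits(len(pw)) >= min_bits


if __name__ == "__main__":
    pw = generate_password()
    print(f"generated: {pw}  ({entropy_bits(len(pw)):.1f} bits)")
    for candidate in ("password", "123456", pw):
        print(f"{candidate!r}: accepted={password_is_acceptable(candidate)}")
```

With a 94-symbol alphabet each character contributes about 6.55 bits, so an 80-bit target yields a 13-character password; "123456" tops out near 39 bits even before the weak-list check rejects it.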