Weekly Wee One #3 – Passwords and Biometrics are like….

This week’s tweet-size InfoSec analogy with not so tweet-size extra stuff 🙂

In one resulting Twitter conversation, you’ll find very pertinent questions from Van Amenya (a non-security person who bravely weighed in) about whether consumers really care about security, my very personal opinion on how things are security-wise in the retail/IT vendor space, and good stuff from Dr Danniel Dresner (with his usual sense of humour attached).
In the second one, we’ve got Philippe Verstichel, Claus Cramon Houmann and Per Thorsheim indulging my inexpert questions about the inner workings of biometric authentication and sharing opinions on its future usage and security.
When this one came to me, I did a fairly long search for recent articles calling out how vital it is to secure around identification and authentication data stores. Almost nothing, nix, nada on that subject (feel free to flag any I missed). I therefore feel justified pointing to my post on passwords and their future.
Another symptom of the lack of joined-up-ness in the way we approach security, or (more realistically) another victim of the ‘wow’ driven media experience? Not so sexy to say:

‘Biometrics are amazing, BUT one lax privileged access policy, holey database or iffy connection and your ‘you data’ goes bye bye’.

Having said all that, I can’t wait for biometrics to become mainstream. Even with a password safe, my InfoSec pro tendency to set evilly long passwords sometimes makes my life a misery (look for a tweet in that second thread proving that point). And that, right there, is the problem. Super convenience makes everyone less cautious…well…except paranoid security pros like myself. We’re paid to be that way, so you (as long as you pay heed to us) don’t have to be 🙂 .
To underline that point: Think about the explosion of mobile apps. How long was it before most folk considered whether they were secure, or why they wanted permission to access (among many other things) all your contacts?
Perhaps biting off my nose to spite my face, I’ll be a late adopter of biometrics, watching carefully (and probably tweeting/posting about) who’s good at security and the mistakes made by others.
Soooo, this turned out to be not so wee, but mainly due to the great input provided by the Twitter community. Thanks for that! And hopefully I’ll have more tweet-size inspiration by this time next week.

If you liked this, you can find more here, or try The Analogies Project for loads of bigger ones from just about every big name in the security game (plus plenty of folk from other trades). It's a fab resource.

