2-factor authentication doomed.. and the future of internet use.

http://www.schneier.com/blog/archives/2005/03/the_failure_of.html

2 factor authentication obsolete?

Well.. I can't argue with the arguments of the article above, but it's important to keep things in perspective.

I see a clear distinction between home users and their security needs, and corporate security needs. (But what about dial-in corp users?!)

For corporate IT, where the network infrastructure and local PCs can be tightly controlled, passive attacks like password guessing are gonna be the choice avenue of attack. 2-factor is good at mitigating this one.

Home users and their infected PCs face different problems, which I feel will eventually have to result in drastic measures to contain the ever-growing menace that these systems and their clueless users represent.

Corporate dial-up? Well ffs, don't use people's own PCs to do it.. give them cheapo laptops, something you as an IT department can at least control!

In the end, whenever a secure connection has to be made over an insecure line, man-in-the-middle attacks are gonna be a problem. Whenever you can't control the configuration or the security of the connecting PC, piggy-backing is gonna be a problem.

The answer is partly a highly-guarded public infrastructure, better security protocols that combine more than one authentication system in ways that are very hard to spoof, and all other vectors being as closed as they can possibly be.

So how about stuff like online banking, online shopping, zombie-networks, etc.?

For home users, I see a grim future. I imagine a not-so-far future where you have to register your computer, and all its software, just to get online at all. Your system and its software will be constantly vetted and monitored, and kicked off the network at the first sign of trouble. The ISPs will play a major part in this, as part of the responsibility for keeping the network secure and clean overall will fall on them. The kind of technologies that we are beginning to see in the corporate arena, such as isolation VLANs and security-policy enforcement, are gonna shift towards the home user at some point.

You will have one side of the internet, where not only to ensure people's safety online, but to ensure the health of the network itself, you will be forced to connect to a DRM-managed, policy-controlled, security-enforced internet, where you and your activities are constantly subjected to scrutiny, and you have very little freedom on your own PC. You might even have one PC for this 'clean' internet, and a separate one for…

…The “shadow internet”; it looks a lot more like the internet we have today, where anarchy rules and security is a joke. A digital badlands. Connect any and all PCs to that one if you dare, but security is all your own responsibility.

Which side companies will do their business on, and which one most users will be forced onto by PC manufacturers, software companies, content providers and their IP, and ISPs, seems obvious. I hope it won't come to that extreme, but it's already starting to happen. Look at SP2 and Automatic Updates… look at all the extra agents that get installed on your PC these days… and that stuff is legit! We are slowly but surely losing control of our own PCs. We can't even call them those anymore.

