Actually Linux is my primary OS. But how does that help the rest of the world? A solution that improves security for the technocrati is great, but not really worth deploying to the masses. And until it's worth deploying to the masses, it's just not going to be generally available to the few.
And even on Linux the security isn't impenetrable.
Also, no, you don't need root to install new software on Linux, unless you want that software to be accessible to all users. That's not the way most repository interfaces are configured to operate, but you can always install software directly as well, just download and run the install script. Even back in University I had a library of personal software installed on my locked-down university account.
Key- and screen-loggers? Pretty standard stuff I believe. All that's required is the wrong virus or trojan sneaking onto your machine somehow.
The main point is only that only one thing is needed to compromise security - knowledge - and thus it is a stretch to call two-factor under the traditional definition (at least so far as I understand it. I'm a programmer, but no expert on security).
I certainly don't contest the challenge that it's probably significantly more difficult to bypass. At first glance it would seem to have great potential, IF done well. But I don't even know enough details to judge the theory, and as always implementation details will likely expose far more vulnerabilities to hackers. The question is, would it continue to be fundamentally more secure if it became the primary means of security, or is its primary benefit that of being a small enough target that it's not worth the effort?
A wonderful idea! Unfortunately politicians make the laws, and their campaigns are funded by bankers, so it seems unlikely to be achievable.
No, that is why we have regulation by an ideally democratic government - to impose those rules upon the entire marketplace that cannot realistically be instated any other way. Because just like most other Tragedy of the Commons situations, if everyone behaves with rational self-interest, then everybody loses. It's only by having rules imposed by a collectively empowered authority that we can align rational self-interest and our own best interests.
>because it's actually more than two-factor authentication
Kind of, maybe, but you really have to stretch the definition. Two factor authentication is typically a combination of two of:
- something you know
- something you have (physical object)
- something that's an inherent characteristic (biometric data)
specifically so that it's extremely unlikely that an unauthorized user can get access to more than one of them.
Meanwhile yours (from what I can guess from your under-specified description) involves:
- Picture (keyfile?) that's stored online where anyone can get it (and how do you access it? a password?)
- passphrase
- password
And yes, that's considerably more challenging to hack than a simple password alone, but it still sounds like it only involves "something you know", and thus offers none of the more concrete protections offered by more traditional two-factor authentication. All it takes is someone filming your keyboard and screen while you log in and your security is completely bypassed. Not appreciably more difficult to hack than a completely random 30-character password that can be conveniently stored in an encrypted password manager on a USB flash drive accessible via passphrase, which provides quasi-two-factor authentication on the front end. You can watch me enter my passphrase, but without also having the file on my USB drive it won't help you log into any of my accounts.
Granted, that's not as convenient on phones/tablets/etc, but given how common spyware of various types is on such devices I'd be *extremely* hesitant to access anything actually important from those unless you completely refused to install any software that has the potential to monitor your activities - a call that's becoming increasingly difficult to make even for the competent.