Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment: Re:One elegant solution... is ours. (Score 2) 288

by Zardus (#46917311) Attached to: Applying Pavlovian Psychology to Password Management

I'm glad people are out there thinking about this. As I understand it, though, there are a couple of drawbacks to this specific approach.

1. The unique identifier that now allows you to be tracked across each application you use. I guess this can be solved by having multiple IDs per app. You might want to consider this.
2. "Pay per authentication"...
3. Requirement for your phone to have connectivity. While this doesn't matter most of the time, it can be important when, for example, you're traveling abroad and don't have phone service.
4. You need to be a trusted party for your users. If you're compromised, the whole system is screwed.

Other approaches, such as Google Authenticator, provide 2FA without the requirements of connectivity, trackability, trust, or payment. The only advantage (and this is also quite a weakness) that I can see with your approach is that it's probably easier to replace a lost phone; just call you guys and have you reroute the passwords to a different app. The problem is that this opens the door to social engineering attacks (see #4).

Comment: Implications! (Score 0, Flamebait) 205

by Zardus (#32190120) Attached to: UK Court Finds Company Liable For Software Defects

If this is upheld and catches on, it could have pretty horrid implications world-wide, especially with how willing people are to litigate against companies (such as Google) that are actually based in a different country but have presense in the litigator's country by virtue of internet access....

Comment: Re:Breaking in? (Score 2) 139

by Zardus (#31917504) Attached to: Escalating Gmail/Spamming Attacks

Having a weak password is more like having a dinky combination lock on your front door, not like leaving it open. If someone comes up to your house and cracks your $2.98 Walmart combo lock, they're still robbing you.

Also, how can you call someone who's ID is well over 600,000 lower than yours a junior? It defies all reason! By common sense, DerekLyons is 3 times your age.

"More software projects have gone awry for lack of calendar time than for all other causes combined." -- Fred Brooks, Jr., _The Mythical Man Month_