Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:I guess I'm old-fashioned (Score 1) 87

I hate -*HATE*- having a machine try to read my mind. And a web browser? No, thanks. Just get out of the way & let me do what I want, the way I want.

So you never, ever have used spell checkers, tab autocompletion, search suggestions - or Google's web search, for that matter? Google Search is by definition the #1 "machine that tries to read your mind" in order to show the most relevant pages for a query term.

Comment Re:f!rstPo$t (Score 1) 140

Then the people type in the password a second time, so what.

You've never heard about death by a thousand papercuts?

Every single misstep caused by a user interface makes people mistrust technology; and the effects are cumulative. This carelessness by developers is what makes end users badmouth tech and think it's too complicated.

Comment Re:f!rstPo$t (Score 1) 140

Then they are not good security people. The weakest link in security is most often the human element; if you don't understand humans well, it's impossible to build a secure system, no matter how much of a cryptographer wizard you are. How good is the best encryption scheme if its user is socially engineered to unlock it for you?

Comment Re:f!rstPo$t (Score 1) 140

Showing the indicator is almost useless, as proven by the Windows login dialog; people typing either from muscle memory or hunt-and-peck will most of the time ignore it until it's to late.

Ignoring the capslock is a much better strategy, and it outweighs the marginal benefit of easing out an ALL CAPS password (which is not much better than an all lowercase one).

Comment Re:f!rstPo$t (Score 1) 140

People will never "naturally adopt strong passwords", and pretending that "they will, if only technicians bother them sufficiently" is the main reason why security by passwords is the clusterfuck that it is.

Designing the security system around the behavior of its users is the proper way to do it, rather than forcing users to adopt the behavior requirements of a bad system.

In the meantime, I welcome any attempt to make the life of password users less miserable. The password system is NOT secure as commonly implemented throughout the IT systems of the world, so we might as well make it more forgiving, until we get to replace it by something better.

Comment Re:f!rstPo$t (Score 1) 140

>Yes, because that makes passwords more user-friendly

That is nothing but an assumption on your part.

What, that accepting a correctly-typed password will be more welcoming than rejecting it because of a system mode error? I have empirical evidence for all the times my password has been rejected by typing it with Caps Lock enabled.

Heck, the Windows login screen had to include a warning for Caps Lock due to all the users failing because of it.

Comment Re:f!rstPo$t (Score 3, Interesting) 140

Yes, because that makes passwords more user-friendly, which ultimately makes them MORE secure (no need for the user to write them down in a post-it, and all that).

If you remove capitalization as a factor, people would need to choose longer words and more symbols, so it even may prompt a net security gain overall.

Comment Re:Just Solipsism and Faith-Based Nonsense (Score 1) 951

You still need to show how simulations can be nested one within the other.

Nope. You have to show that they can't be.

Hey, it is you who made the grand claim that being able to create a simulation is proof that you likely live within one. The burden of proof lies on the one making the extraordinary claim, right?

I've pointed out a simple reason why those nested simulations in your argument may be not likely at all - there's no known mechanism by which a simulation could create those nested simulations all by itself, and if you say "look at how it's done in reality", you're just begging the question - assuming the desired result in order to prove it.

Slashdot Top Deals

Lend money to a bad debtor and he will hate you.

Working...