common denial

I was recently flying to California and sat next to a woman on the flight who worked for a biometrics company. The discussion of biometrics for use in authentication has always been interesting topic in my world and certainly in my Federal realm. Dealing with biometrics when it comes to war times is a difficult discussion to have. Losing your enrollment method creates additional problems. Biometrics has been a process available for years and has always been debated ( I will never forget this Mythbusters busted myth ) but this is security and everything can be made “stronger”…
Personally, I don’t have an opinion about the right way or the wrong because one thing I know about technology, it is always changing and nothing gets accepted unless consumers want it to be. Ok, so personally I don’t like anything that I can’t “control”. I don’t like anything that is so stagnant when protecting my assets. For instance, how are they protecting the biometric data and what happens when technology breaks that too… what option do I have regarding my password? In other words, the same security questions we always ask.
But what that flight did make me think about… passwords and the bad wrap they get. Did you hear the story about the Nuclear launch code… you know… 00000000. That is right, the launch code for the United States of America Nuclear weapons was 00000000. I am one of those people that believes that you need to understand the problem and find a solution to the problem. I am not a big fan of band aids. Like I always say, it is about risk, it is about where you keep your password, it is about what it is protecting. That launch code in my opinion is fine because it was protected but 5 people that kept it under lock and key and key and key (ok so I made that up but I hope you gat my point). The 00000000 kept it’s purpose by being fast when they needed it to be. And I can only imagine what it took to get to the keypad to enter in that code. My point…? The password like 123456 can be put on the a post it note and put in your office at the corporate office if it is the code for your luggage lock that is used to protect clothes that can easily be replaced. Losing that clothing is not that big of a deal. What you put in that bag can be lost and therefore if you can’t replace it, don’t leave it out of your sight. You should be carrying your own jewelry anyway. Passwords are ok… simple passwords are ok, it’s just that we are not using them appropriately. It’s just that we are not educating people. It’s just that we should be educating people about the impact of having all the accounts linked together ( you break one… you break them all ). It’s just that people need to understand the bigger picture and the impact, knowledge is always power. It’s just that people want the easy way of doing something. It’s just that we are using a lot of band aids, not fixing the problem.
Ironically, the woman that I flew with introduced me to Fido Alliance and that seems interesting… supposedly it is a simpler, stronger authentication, just what we need 🙂