Side note, are Stack Exchange (and similar) entries at YCombinator frequent and regular? Because, they're -already- places for discussion; although their interface is limited strictly to technical and on-topic posts. Just curious, if someone can indulge me..:)
EDIT: Btw., what's the question as it is very broad? For example, for personal devices 2FA is a must... Somebody there has mentioned Kanye West using "0000", for his pwd.
ATM Skimmers is another huge issue, apparently, in certain countries: always have to carefully inspect the machine, prior to use.
I posted the question there and also (re)posted here.
I think 2 things - In my opinion Stackexchange doesn't work well or at all as a place for discussion, by design. There's only a 1-level deep comment system and indeed discussions there, when they are attempted, are actively discouraged and often moved over to the chat feature. HN is much better suited for deep discussion.
Also the audience here is far broader than the audience for Information Security Stackexchange, which is pretty niche. Since the question was well-received there I thought it might have an above-average probability of also being interesting for the HN audience too, who might not otherwise come across it, so I thought I'd repost here.
> what's the question as it is very broad
Essentially my question is: is the proliferation of high res always-recording cameras in public spaces, combined with computer vision and possible automated scraping of creds from the footage, something that will cause a huge security issue in the near future?
Remember that the vast, vast majority of users don't use 2FA, password managers etc.
Could it be that username/password as a single factor (or having only a single factor) become obsolete because of this?
Cool, um, specifically for cell phone devices - as Lightness Races in Orbit has mentioned in comments there - we would use like a combination of fingerprint (or, face) auth. and plus a swipe pattern for 2FA.
A different kind of problem develops from there, because even though that biometric data is "secured" and encrypted (has to be, right?) - your signature still becomes available to "sync" and other system services...
We're, then, branded. No manufacturers and designers are taking steps to ensure that this kind of (deeply personal) data stays and functions strictly offline.
... As is the only way to keep your biometrics private (and truly secure). Keeping it isolated from network.
So, what's the best way: a password, a passcode, to keep in your head - or, a universal identifier which may be "unhackable", but universally known - to whoever. This can be a legit concern, no? :-s
4 comments
[ 3.2 ms ] story [ 18.3 ms ] threadEDIT: Btw., what's the question as it is very broad? For example, for personal devices 2FA is a must... Somebody there has mentioned Kanye West using "0000", for his pwd.
ATM Skimmers is another huge issue, apparently, in certain countries: always have to carefully inspect the machine, prior to use.
I think 2 things - In my opinion Stackexchange doesn't work well or at all as a place for discussion, by design. There's only a 1-level deep comment system and indeed discussions there, when they are attempted, are actively discouraged and often moved over to the chat feature. HN is much better suited for deep discussion.
Also the audience here is far broader than the audience for Information Security Stackexchange, which is pretty niche. Since the question was well-received there I thought it might have an above-average probability of also being interesting for the HN audience too, who might not otherwise come across it, so I thought I'd repost here.
> what's the question as it is very broad
Essentially my question is: is the proliferation of high res always-recording cameras in public spaces, combined with computer vision and possible automated scraping of creds from the footage, something that will cause a huge security issue in the near future?
Remember that the vast, vast majority of users don't use 2FA, password managers etc.
Could it be that username/password as a single factor (or having only a single factor) become obsolete because of this?
A different kind of problem develops from there, because even though that biometric data is "secured" and encrypted (has to be, right?) - your signature still becomes available to "sync" and other system services...
We're, then, branded. No manufacturers and designers are taking steps to ensure that this kind of (deeply personal) data stays and functions strictly offline.
... As is the only way to keep your biometrics private (and truly secure). Keeping it isolated from network.
So, what's the best way: a password, a passcode, to keep in your head - or, a universal identifier which may be "unhackable", but universally known - to whoever. This can be a legit concern, no? :-s
EDIT: Right, sry, might've strayed off-topic there.