Sure, but designing around the inherent riskiness of user behavior/forgetfulness is an important part of security systems. Users want to be protected, not for blame to be shifted to them.
Yes, it certainly mitigates the scale of a potential breach and I like that the reduced scale/potential value makes it a less attractive target to hackers (assuming the server side is also built in a secure way). I havent investigated, but it makes me nervous to think that if my phone is stolen, the thief gets my data too.
As a consumer though, I could change my password on a server if it gets stolen. But how would I reset it after my phone was stolen if authentication is all stored client side?
Is this just thinly veiled spam for that site? I can't tell if you work for them or not but, if you do, it's not in your profile. If so, I think it's pretty tacky when companies to take every possible opportunity to get their name out there...
This is pointless. Solutions like keepass are just as good and don't require existing services to hook into new authentication API's. In fact, they're better because they don't run the risk of opening a whole new central attack surface.
Part of the $172 million Sony reports includes "rebuilding their user management and security systems." But having satisfactory user management and security systems in the first place is what would have allowed them to avoid such an attack. It's not an extra cost from failing to engineer things correctly; it's the cost of engineering things correctly.
> That $400k is nothing compared to the total cost. Sony reported an estimated outlay of $171M for insurance, customer support, and rebuilding their user management and security systems. Since the breach, partially due to a drop in customer confidence, Sony’s stock price has dropped from $30 to $13.
19 comments
[ 48.7 ms ] story [ 135 ms ] threadIs there an open protocol for this?
Looks like you're doing something similar to the mutual auth that wikid does...a whitepaper or two with more depth would be useful on the site
Post hoc ergo propter hoc.