Password monitoring threatens civil liberties
I had my own little "James Bond" moment today as, daunted by my PC's increasingly long boot-up time, I went off to make breakfast. I returned to find my security software counting down the seconds before it locked me out of the machine and I had to calmly enter the password against the pressure of seconds ticking away. Very 'Goldfinger' or 'GoldenEye.'
Managing passwords is an increasingly hard problem: according to the book and movie about Facebook, 'The Social Network' founder Mark Zuckerberg used the system's record of failed login attempts to guess users' passwords for other systems. I think of that each time I login.
But, even more bizarrely, there was breaking news last week that the French government intends to make it law for ISPs to store users' passwords in the clear. I haven't seen confirmation of the in the clear bit, but just mandating easy access to users' passwords is an invitation to fraud, identity theft, and worse.
Here's a Google translation from the French at TechDirt: "Information furnished when agreeing to a contract or opening an account, including first name, last name, business name, associated mailing addresses, and pseudonyms utilized, associated e-mail addresses and accounts, telephone numbers, and passwords as well as data permitting the verification or modification of the password."
Quite a list and something that may well tip the balance of commercial value away from cloud-based computing as users seek to regain control of their information.
Get more like this
Managing passwords is an increasingly hard problem: according to the book and movie about Facebook, 'The Social Network' founder Mark Zuckerberg used the system's record of failed login attempts to guess users' passwords for other systems. I think of that each time I login.
But, even more bizarrely, there was breaking news last week that the French government intends to make it law for ISPs to store users' passwords in the clear. I haven't seen confirmation of the in the clear bit, but just mandating easy access to users' passwords is an invitation to fraud, identity theft, and worse.
Here's a Google translation from the French at TechDirt: "Information furnished when agreeing to a contract or opening an account, including first name, last name, business name, associated mailing addresses, and pseudonyms utilized, associated e-mail addresses and accounts, telephone numbers, and passwords as well as data permitting the verification or modification of the password."
Quite a list and something that may well tip the balance of commercial value away from cloud-based computing as users seek to regain control of their information.
Get more like this
Comments