Comments by "Mat Broomfield" (@matbroomfield) on "Lorrie Faith Cranor: What's wrong with your pa$$w0rd?" video.
There are undoubtedly ways that biometrics can be used to produce unique site passwords, just as PGP can produce unique encoding strings.
I also mentioned the use of a 4-digit password - perhaps I didn't clarify that well enough. At my bank, each customer has a wireless PIN sentry reader. When I log on via the internet, I type in personal details, but then my connection is authenticated via the PIN reader. If the password were biometric, and the authentication were also biometric, the two could be parsed together BEFORE SENDING in ways that are unique to each site, such that even if both parts were intercepted, the result would only be good for a single site.
Clearly, for Amazon, such dual-key authentication is unnecessary, but a multi-tiered option would operate, with simplified authentication for Tumblr, YouTube, etc., and then a dual-key system for banks or anywhere that financial transactions take place.
The major issue is that these sites must take personal responsibility both for protecting their data AND the connections with their customers. The Heartbleed bug was unforgivable, but there have been many larger security breaches that were far more easily accomplished.
The fact is, the internet itself is still ridiculously insecure, due in massive part to the lack of co-operation between browser developers, especially Microsoft, and the infrastructure providers.