Ben Laurie blathering


Why Johnny Can’t Authenticate

Lately I’ve been thinking a fair amount about authentication, both because of identity management and the related problem of phishing. Eric Rescorla has written a really good taxonomy of web authentication functionality, which I recommend reading.

But this is only half the problem, and in many ways it is the easy half. So long as people (or their computers) can be fooled into giving away their personal information, no amount of cunningness at the protocol level is going to help.

I often hear it argued that using something better than passwords will fix the problem, for example, public/private key pairs. There’s actually two fundamental reasons why this ain’t so…

  • So long as it's possible for users to recover from losing their keys (or passwords, or whatever it is they use to authenticate) in a way that can be imitated by phishers, they will not be helped by these protocols. Phishers currently concentrate on getting people’s passwords simply because that’s the low-hanging fruit. Pluck that fruit and they’ll move on to recovery (which obviously cannot use anything the user can’t hold in their head).
  • Computers aren’t secure and users can’t be trusted to make good decisions about what to run. Start using public/private key pairs and they’ll be stolen by viruses and worms instead of fake websites and spam. Indeed, trojans that log keys in order to steal passwords already exist.

(The title of this post, in case it ain’t obvious, is stolen from Alma Whitten, who I work with at Google.)

1 Comment

  1. […] In Why Johnny Can’t Authenticate Ben Laurie makes the point that: I often hear it argued that using something better than passwords will fix the problem, for example, public/private key pairs. There’s actually two fundamental reasons why this ain’t so… […]

    Pingback by Pete Rowley » Phishing forever? — 3 Aug 2006 @ 7:54
