Prediction: in 10 years nearly everyone will be using a password manager; it will come with their OS (Android or iOS) with browser plugins for other OS’s, and the integration with mobile apps and mobile web will be so tight that people will not even realize they are using passwords, most of the time.
Apple just massively revamped their own manager in the latest iOS release. They already have pretty good integration with mobile web and with App Store apps.
In the next couple of years I expect to see pw manager integration made a firm requirement for App Store apps, and I expect to see web standards for account signup and login that make pw managers reliable.
I suspect Google will follow suit although I am not familiar with Android’s capabilities in that area.
So in a few years you will not type an email address and password to sign up for things; the OS will prompt you: “foo.com is asking you to sign up, would you like to do this automatically?” and if you respond in the affirmative you’ll get a site-specific email address and password automatically created and stored for you, and that will be used whenever you want to log in. Recovery will shift to a mobile account centric workflow (Apple ID or Google account) rather than email based password reset links.
If a data breach is reported the pw manager app can notify you and give you a one-button-click experience to reset your password.
The downside is that if you get canceled by Apple or Google it will be a special kind of hell to recover.
And then losing access to everything when moronic automated Google systems ban your account for $REASON with no chance to appeal it.
I recently ran into an interesting problem -- my Microsoft account (used as a spam lightning rod) borked a passkey stored on a FIDO token and refused a passwordless sign-in. Same thing happened with a second backup token made by a different company. If I didn't have a password fallback, and that account was important, I would have a massive problem with no way to solve it. But the world has not yet gone completely insane, so I fired up my trusty KeePassXC and was in in less than a minute.
I love the idea of passkeys; I hate the experience of passkeys, especially when it comes to having to reach for my phone to log into a desktop web site.
It certainly looks that way. It's either going to be cell phone integration, or ER GLASSES (ex Meta Ray-Bans). I would like to see the incorporation of a ring (a real unintrusive wearable NFC I can activate or press, for presence confirmation, with my thumb by just raising my hand above the keyboard; for illustration, you ever seen guys spin their wedding band with their thumb as a twiddling activity?).
A) fair, b) I think this common distinction is a little overblown. Authorization is just a particularly straightforward CRUD feature, perhaps with some inheritance logic — authentication seems to be where 99% of all security sadness comes into play.
Plus there’s the less-often-discussed task of protecting some of your users from other users, such as Google vetting their html5 ads for malware, and military (all B2B?) contractors trying to write tools that aren’t useful to insider threats. It’s worse than either auth* domain IMO, as it usually involves unavoidable tradeoffs for benign users; I haven’t read this book in full but I suspect it didn’t make the list!
TBF, I’m not sure it even has a standard name yet like the other two… anyone know enough to correct me? Maybe… “encapsulation”? “Mitigation”? The only “auth*” term left is arguably “authorship”, which doesn’t really fit https://www.thefreedictionary.com/words-that-start-with-Auth
Edit: I think I just taught myself what complex authorization is! I’ve always treated it as role management, but “what roles can do what” does also fit, I have now realized. Sorry y’all - leaving it up in case it’s a learning experience for others lol
Authz is usually much more complex than strict authN since authz gets much more into the thorny people problems, things like "how do you build a system allowing arbitrary organizations of people (your customers) to systematize how they want the people within their organization to be able to access/change things." A better term I've heard is "governance" which is more indicative of the stodgy, thorny, people-oriented nature of the problem, just like governments!
There's also lots of potential levels of granularity and thus complexity, with the most granular (that I've seen) being able to model access through time as a continuum down to the individual field of each object in the business, based on wide arrays of arbitrary other factors. Think modeling problems like:
> "If condition X in the business is true then I want user X to be unable to view/edit the 'foobar' field of entity 'powzap', and I only want this rule to be true on Tuesdays of the months April and October".
That's a tough problem to tackle with a lot of subtlety to wrangle.
- Complicated authorization systems bleed through everything else, adding exponential complexity. Maybe, as an industry, we should seek better tradeoffs? One example I can think of is preferring auditing over authorization. It's a lot easier to build a generic, unified auditing system and interface than to build sleek, fluent UIs that also have to accommodate arbitrarily complex authz behaviors.
- OTOH, I'm very keen on fine-grained controls over what data I grant third parties access to. For example, I want to be able to say, "grant this lender access to the last 18 months of account balance for this specific account" and exactly no more or less.
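The field-level, calendar-bound rule quoted earlier in this thread, written out as an added example (not code from any commenter): a default-deny check where an explicit grant is required and a matching deny rule overrides it. The grant table, the `condition_x` key and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable

# Constructed baseline grants: (user, entity, field, action). Default is deny.
GRANTS = {
    ("user_x", "powzap", "foobar", "view"),
    ("user_x", "powzap", "foobar", "edit"),
    ("user_x", "powzap", "title", "view"),
}

@dataclass(frozen=True)
class DenyRule:
    user: str
    entity: str
    field_name: str
    actions: frozenset
    months: frozenset      # calendar months, 1-12
    weekdays: frozenset    # date.weekday(): Monday=0 ... Sunday=6
    condition: Callable[[dict], bool]  # predicate over business state

    def matches(self, user, action, entity, field_name, today, business):
        return (
            (user, entity, field_name) == (self.user, self.entity, self.field_name)
            and action in self.actions
            and today.month in self.months
            and today.weekday() in self.weekdays
            and self.condition(business)
        )

# The quoted rule: Tuesdays in April and October, while "condition X" holds.
RULES = [DenyRule("user_x", "powzap", "foobar", frozenset({"view", "edit"}),
                  frozenset({4, 10}), frozenset({1}),
                  lambda business: bool(business.get("condition_x")))]

def is_allowed(user, action, entity, field_name, today, business):
    """Default deny: a grant is required, and any matching deny rule overrides it.

    `today` must be the date in the time zone the business rule is defined in.
    """
    if (user, entity, field_name, action) not in GRANTS:
        return False
    return not any(r.matches(user, action, entity, field_name, today, business)
                   for r in RULES)
```

Every caller has to pass the same notion of "today" and the same business state, which is where much of the subtlety the thread mentions comes from.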
What people want is authorization. Authentication is a painful activity that must be performed in order to do authorization properly in most cases.
Side note: there is a trivial case where authentication is reduced to “whoever is physically holding/interacting with the system”. This is when either the operation to be authorized is relatively low risk (changing the channel on the TV with the line-of-sight IR remote control) or when you’re depending on physical security controls to prevent access to people who shouldn’t be doing the thing, e.g. requiring data center technicians to badge in before they can go into the server room and start disconnecting things.
To be fair, once someone has physical access to the machine, them having full access is just a matter of time and effort. So at that point it's security-through-too-much-effort-to-bother.
There should be a unified theory that all auth can be stacked on top of. Like, a theory of secure communication, that deals with the problem of adding security/reliability/etc. properties to a communication channel.
> All weapon systems that consist of an expensive vehicle and an expensive-to-train crew are being re-evaluated against drones right now.
I don’t think that drones are necessarily the only answer to the “expensive weapons with expensive to train crews” problem.
Expensive weapons lead to cost boondoggles and economic asymmetry, eg $10k in modified COTS drones can defeat $MM in conventional armored vehicles.
We should be re-evaluating our weapons systems economically as well as doctrinally.
For example, would our Navy be more effective with thousands of relatively inexpensive small platforms that could do commerce raiding, interdiction, air defense and so forth (destroyer type jobs) than with our expensive and rare large surface combatants?
> For example, would our Navy be more effective with thousands of relatively inexpensive small platforms that could do commerce raiding, interdiction, air defense and so forth (destroyer type jobs) than with our expensive and rare large surface combatants?
https://en.wikipedia.org/wiki/Jeune_%C3%89cole was all about this... In the 19th century, when a couple of innovations (torpedoes, explosive shells) made it look like smaller ships could do enough damage that big ships were just a waste of money. In their case, they were wrong and their ideas were surpassed by further technological advancements (aircraft carriers).
Small ships with missiles and drones and unmanned submarines could be a decently powerful combination. You can't project power with those though, and around half the idea behind the US' carrier fleet is power projection.
And then a cheaper APS round disables your $10K drone, while a directed energy weapon for dollars of electricity can destroy swarms in one go. The cat and mouse nature of weapons technology has always existed. Even at the advent of tanks there were anti-tank weapons. That didn’t mean they were useless.
The Navy already has a problem with command and control (training, corruption, scandals, collisions, accountability - from delivering ships on time to the Starlink wifi situation).
Adding more things to control will cause more problems ... especially in peacetime.
Almost all problems with name handling come from two assumptions:
1. Names are identifiers.
2. Names can be used to correlate the same person between two systems.
These assumptions are not universally correct, and so programmers and designers and product managers try to restrict names in order to minimize edge cases and maximize the cases in which their assumptions hold.
And these same folks make the same mistakes about names of things as they do about names of people. If a human provides the name, then you are taking on a huge pile of problems using the name as an identifier. Take DNS domain names or AWS S3 bucket names or NetBIOS names in Windows networks or (pick your favorite flat namespace).
The solution?
Always use system-assigned (preferably random) identifiers for things that need identification. Think UUIDs. Make the name a descriptive text property of the person/thing that they can change at any time. Consider not having names for humans, but rather just asking the user for the strings that you would like to use in certain places, eg:
“When we validate your provided credit card, what is the name that the bank expects?”
“What should we put in the ‘name’ spot on packages or letters that we send to you?”
“To make this app more friendly, we would like to address you by name. If that is ok, type the name that you would like us to use in this situation:”
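The design in the comment above as an added example (not the commenter's code): identity is a random system-assigned UUID, names are purpose-specific strings the user can change, and a lookup keyed on a name is shown misattributing a record after a rename. The `Account` fields, function names and sample people are constructed for illustration.

```python
import uuid
from dataclasses import dataclass, field

@dataclass
class Account:
    billing_name: str        # "what is the name that the bank expects?"
    shipping_name: str       # "what should we put on packages or letters?"
    greeting_name: str = ""  # optional; the user may decline to give one
    # Random identifier, never derived from anything the user typed.
    id: str = field(default_factory=lambda: str(uuid.uuid4()))

def match_by_name(accounts, name):
    """Name-as-identifier lookup: returns the id of every matching account."""
    wanted = name.casefold()
    return [a.id for a in accounts if a.greeting_name.casefold() == wanted]

def match_by_id(accounts, account_id):
    """Identifier lookup: at most one account, unaffected by any rename."""
    return next((a for a in accounts if a.id == account_id), None)

def demo():
    # Two distinct people who both ask to be greeted as "Alex" (constructed).
    a = Account("ALEX J KIM", "Alex Kim", "Alex")
    b = Account("A. KIM", "Dr. Alex Kim", "Alex")
    accounts = [a, b]
    # An order placed by `a`, recorded both ways for comparison.
    order = {"account_id": a.id, "name_at_purchase": "Alex"}

    ambiguous = match_by_name(accounts, order["name_at_purchase"])
    a.greeting_name = "Lex"  # a renames; identity has not changed
    after_rename = match_by_name(accounts, order["name_at_purchase"])
    owner = match_by_id(accounts, order["account_id"])
    return {
        "name_matches_before_rename": len(ambiguous),  # two candidates
        "name_now_points_at_b": after_rename == [b.id],  # wrong person
        "id_still_points_at_a": owner is a,
    }
```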
Couldn't agree more. In fact, I've ranted about this before [1]. Names can change, names can be as short as zero or one characters, or ridiculously long. Applying one's own cultural assumptions to what makes a valid name is not a good idea.
What if one's name is represented by a non-printable character or logo? Perhaps your form provides a way to upload a glyph, or you need to enable name submittal via floppy disk.
I mostly agree, just one needs to be careful, especially when dealing with people whose first language may not be English, when asking these more complicated questions since they may be misunderstood. I like the final example a lot.
I am skeptical of the analogy to overfitting, although I understand where the author is coming from and agree with the sentiment.
The basic problem is stupid simple. Optimizing a process for one specific output necessarily un-optimizes for everything else.
Right now much of commerce and labor in the United States is over-optimized for humans because tech businesses are optimizing for specific outcomes (productivity, revenue, etc) in a way that ignores the negative impacts on the humans involved.
The optimizations always turn into human goals, eg my manager needs to optimize for productivity if they want a bonus (or not get optimized out themselves), which means they need to measure or estimate or judge or guess each of their employees’ productivity, and stupid MBA shit like Jack Welch’s “fire the lowest 10% every year” results in horrible human outcomes.
Sure there are people who need to be fired, but making it an optimization exercise enshittified it.
Same for customer service. Amazon wants to optimize revenue. Customer service and returns are expensive. Return too many things? You’re fired as a customer.
Call your mobile provider’s customer service too often? Fired.
Plus let’s not staff customer service with people empowered to do, well, service. Let’s let IVRs and hold times keep the volumes low.
All anecdotes but you’ve experienced something similar often enough to know it is the rule, not the exception, and it’s all due to over-optimization.
Ok that is pretty amazing. I followed the link to the repo of tools and it’s crazy that not only can you use automation to track and identify ships but also look up their cargo manifests.
The visualization is beautiful but the time scale is too large and the maps too zoomed in to identify much in the way of patterns.