Category: Internet

[sc:internet-category ]Authentication and security has always been an issue with computers, but with the advent of the Internet and more recently cloud computing, plain old passwords just don’t seem to cut it any more.

I recently had one of my ISP e-mail accounts (which I haven’t used in years) get hacked.  It was a simple password and I guess the brute force of one of the bot nets finally cracked it.  Not a big deal, as I said, the account was dormant and only a couple of old contacts were in it (in fact only one contact was still valid).  I noticed the hack when I received the bounce messages in to my main mailbox and look in to it.

Of course the first thing I did was to re-secure the account.  I didn’t give it much more thought until I saw the announcement from Microsoft that they would be implementing two factor authentication on Microsoft accounts.

At first this seemed like a really good idea,  an application on your cell phone gives you the second factor and away you go.  Then I though about it some more.  While I don’t use many cloud services that I have to logon to each day, every once in a while I do and the thought of having to always have my phone with me and having to run an app just to login seems kind of a pain.

Even if the phone is in your pocket you could still be taking an extra 10 seconds for each logon.  If you do it 5 or 6 times a day, that’s a minute wasted.  Stretch over say 10 years, that eats up 2.5 days worth of time.

And does it really add security?  For weak password protected accounts, certainly.  But if instead of two factor authentication you instead used a longer password would it accomplish a similar goal without causing such an impact in time?  Let’s say I’m a reasonable typist, typing in an 8 character password probably takes 2 seconds, while a 24 character password would only take 6 seconds (probably a lot less once you get use to typing it).  Practically speaking a 24 character password will be impenetrable on any service that is even half way decently configured to limit the attempts at brute force attacks.

It also means I can access my accounts if I lose my phone, or leave it at home or in any other situation where I may not have it with me.

Of course it doesn’t protect people who use easy to guess passwords, but they’re not the people who will use it anyway so while it’s good to have as an option, I don’t think  I’ll be converting over until I absolutely have to.

Recently Google announced the end of Reader and some other services they offer, which is of course their prerogative, but doesn’t it kind of make you wonder what else could suddenly disappear?

Now to be clear, I’ve never used Google Reader, I run my own mail server and wrote my own RSS to IMAP provider so I know I’ll always have it available no matter what others may do (well as long as SMTP, IMAP and RSS are in use anyway).

But doesn’t it bring up a more fundamental question?  A free service like Reader may be popular but over time its usage may wane, then finally be cut off completely.  The user is at the mercy of the vendor and what they consider a priority.  A product like reader could easily enough be implemented at the client side but once you have given up control to the service provider you dead in the water if they decide to shut it down.

Most users have an “always on” broadband connection at home, is it time to start thinking of making software solution that can handle this kind of task for users, maybe even a hardware solution to run it if users don’t like the idea of an always on PC?

Obviously for myself the answer is yes, I don’t use many cloud services unless I have to (like SkyDrive for phone backup) or they are secondary to services I already run at home.

[sc:internet-category ]OpenMedia.ca is once again running a campaign to stop a bad piece of legislation from becoming law, learn more and sign the petition!

The ongoing fight between big business interests and normal users continues to be an epic struggle that won’t end until the business interests are told clearly that their interests do not trump the rights of the people, period.

Businesses that produce good products and respect customers don’t need the kind of laws that these special interest groups keep pushing for, good business make money by people wanting their products.