Allegedly invented by accident, the humble Post-it Note has likely been responsible for more potential breaches in computer security than any single virus, rootkit or keylogger. This handy little aide-mémoire is home to 'to do' lists, phone numbers, doodles, and (inevitably) passwords.
Most people wouldn't tape their front door key to their front door, yet they'll happily stick their computer password to the front of their computer monitor.
One time, in a book shop, I had to endure a customer loudly direct her workmate (via cell phone) to riffle through her desk drawer for the letter containing her bank PIN number. To this day I still cannot decide what was more brain-dead, the fact that she stuffed the letter into an unlocked drawer, the fact that said unlocked drawer was in a semi-public place, the fact that she revealed its existence to someone else, or the fact that she repeated the number loudly for all the shop to hear as it was read to her!
Incidents like this might be amusing, if not for the fact that we're moving towards an age when all our data may be held remotely (on 'the cloud') and accessed via Rich Internet Applications. But solving this problem could open up another one: as focus shifts from physically protecting locally stored data, to asserting access permissions on remotely held data, will we need to lose our anonymity to protect our privacy?
The reason people don't get computer security is because it's largely intangible. They can touch their front door key, picture in their mind's eye the menacing stranger trespassing in their home, see the empty space where their beloved widescreen TV used to be — yet none of this really seems to apply to something as ethereal as a password, or the data on a hard disk.
In the eight-bit days 'safe-sex' computing used to be so easy — the worse most malware could do was trash a floppy, so we simply avoided dubious software and kept valuable disks write protected by default. Later, viruses meant malware could infect and trash other disks, but opportunities for infection were rare, plus backups and virus checking reduced the risk almost to nothing. For the most part security was a minor concern; something to be aware of, but not paranoid about.
Then the World Wide Web got itself invented. Suddenly software from the four corners of the World was passing through the average browser cache on a minute-by-minute basis, and malware was no longer content just trashing your data, now it wanted to steal it!
Yet users still have to be urged to install and maintain good network security software. If left to their own devices many don't bother — try scanning for wireless access points from your home and see how many of your neighbours didn't even spend the extra few moments to secure their router. Even dropping a friendly hint over the garden fence won't work — you're just that craaaaazy techie guy from next door, babbling about sniffing someone's packets!
The problem here is still a physical one though — the data still physically lives on devices you own, the thief is trying to duplicate it elsewhere. But once the data moves to 'the cloud' the problem shifts to one of identity. Your data is already elsewhere, the issue is do you have permission to access it?
On the internet, everyone knows you have blue eyes
Recently I just managed to stop a friend from logging into his webmail account via a public computer in a hostel's common room... with the "remember me" box ticked! Sheepishly he agreed it might be a little safer if he didn't give everyone using the PC after him free access to his mailbox. Last week I helped another friend FTP files to her new web site. Proudly she explained to me how she devises unique passwords for every internet account — first name plus an incrementing number (Jane36... Jane37... Jane38...)
These people aren't stupid (indeed they represent the norm) but can they be trusted in an age when all their private data may be protected by merely a password?
It got me wondering whether biometics might be the way forward. We've already seen some laptops issued with fingerprint recognition instead of passwords to secure them, and face recognition using a built in webcam is also possible. But how about using this technology to restrict access to the applications and data itself?
On the surface, it makes sense twice over. For the software industry it means customers can't get free applications by trading passwords. For the users it means their data is now protected (to potentially quite a high level) with zero effort on their part.
It could even provide an effective replacement for Digital Rights Management. If iTunes used face/fingerprint scans to digitally tie my downloads to my identity, I should be able to freely play my music on every device I'll ever own, so long as its configured to 'me'.
But here's the problem: if permission to run my applications and access my data is tied to something so certain, unique and unchangeable, doesn't it pretty much blow any hope of anonymity out the water?
Listening to a recent edition of the Leo Laporte podcast The Tech Guy I was amused to hear Leo explain how his teenage daughter had set her public profile on FaceBook to that of a 38 year old guy from New Jersey. Smart kid — it presumably avoids a lot of unwanted attention. But if biometrics became the norm for accessing FaceBook this might become impossible, or a least tricky. If FaceBook gained access to a second independent data source it could compare the biometric reading and discover the inconsistency. The issue would then boils down to whether FaceBook would enforce its terms and conditions. Even if an individual RIA host had a policy of permitting bogus details, the biometric 'password' might still expose the real account owner to the Police or FBI, should they come knocking...
So, as our digital lives move steadily with each passing month onto 'the cloud', it seems like we have a straight choice: carry on with user-unfriendly passwords and expose hundreds of millions of regular users to high risk of having their data stolen, or move towards a (supposedly) idiot-proof biometric system and surrender any hope of anonymity.
Unless anyone has a better idea...?