Bruce Schneier


Schneier on Security

A blog covering security and security technology.

May 29, 2009

Interview with Me on Cloud Security

From vnunet.com.

Posted on May 29, 2009 at 2:51 PM

Comments

Good commentary here, Bruce, similar to that of your discussions with Marcus. In total agreement with your viewpoint.

Posted by: Ron Livesey at May 29, 2009 8:33 PM


Is there a transcript somewhere?

Posted by: Anonymous at May 31, 2009 7:30 AM


Totally agree with your viewpoint. Any transcript available?

Posted by: Polski Sklep at June 2, 2009 11:38 AM


The dreamer in me wants to disagree with your "non-centralized login" point. I acknowledge that, like the QWERTY keyboard, the current unwieldy model of separate logins all over the internet is likely to persist merely because it has a first-mover advantage.

Nonetheless, I long for a more universal mechanism for authentication rather than the ad hoc system we have. In the real world the driver's license is a universally accepted ID (in the USA). Likewise for the passport. Why can't we have an internet equivalent?

Here is a serious problem: email (Gmail for me) is a weak spot for internet portal password reset. If someone can hack into my email, they can successfully reset my Gmail password (locking me out) and then reset various financial site passwords that use the "we'll email you a temporary password" approach. Like it or not, we have all come to rely on internet-based email (Gmail, Yahoo, Hotmail), yet these email systems do not have robust authentication and login reset protocols.

What I think we need is for certain brick-and-mortar businesses (e.g. banks, the DMV or perhaps VeriSign) to do face-to-face authentication (e.g. at least have a video record of you getting your private key) and issue public/private keys used for internet authentication.

We also probably need a dedicated device for storing private keys and generating digital signatures. Dedicated, rather than an iPhone application, so that the device is much harder to hack/infect.

The idea is to have something like an RSA SecurID but to have a single device that can be used to authenticate me everywhere on the internet.

Today, even if I use secure passwords which I change every week (and store in Password Safe), I am still susceptible to keystroke loggers.

I realize that a single public/private key being issued and used for all authentication presents a single point of attack (raising the reward of compromising such a system), but it can't be worse than the stupid "I have 500 passwords to manage" scheme we have now.

Posted by: funkyj at June 2, 2009 7:49 PM
