
Who Goes There?

Chapter in: Firewalls Don't Stop Dragons

Abstract

We can’t go much further in this book without discussing passwords. I hate passwords. I hate them with a passion. And I know I’m not alone. But despite some promising new technology, I’m here to tell you that password-based authentication is still your most secure option for proving your identity today, if you use them correctly. By the time you finish this chapter, you’ll understand why.


Notes

  1. https://www.nytimes.com/2022/12/27/technology/for-sale-on-ebay-a-military-database-of-fingerprints-and-iris-scans.html

  2. https://www.grc.com/sqrl/sqrl.htm

  3. You can keep track of support for passkeys on your devices and major websites here: https://passkeys.dev/

  4. This is from an annual report from SplashData (https://www.splashdata.com). Note that this is the list of all hacked passwords… that is, of all the passwords the bad guys were able to guess, these are the most popular.

  5. Special thanks to Steve Gibson’s excellent website for these figures: https://www.grc.com/haystack.htm

  6. If you want a truly unique and fun way to “roll” your dice, check out the official Firewalls Don’t Stop Dragons challenge coin! https://d20key.com/#/coin

  7. Security people sometimes cheekily refer to these as “something you forget, something you lose, or something you cease to be.”

  8. SIM = subscriber identity module. It’s what ties your account to your phone number and the smartphone itself.

  9. Most people attribute this to a 2004 policy written for the National Institute of Standards and Technology by a guy named Bill Burr. He got it from a whitepaper from the 1980s! He’s since apologized for this, and NIST has removed this from their security recommendations.

  10. If you’re interested in this level of privacy, I will have some recommendations at the end of the book.

  11. For some really stupid reason, we have not settled on a simple login standard for websites. And apparently, one common issue with Bitwarden is that it doesn’t always recognize when you’re logging into a website for the first time. In those cases, you can explicitly add your website credentials using the plugin menu in your browser.

  12. This is a Harry Potter reference: https://en.wikipedia.org/wiki/Magical_objects_in_Harry_Potter#Horcruxes

  13. https://en.wikipedia.org/wiki/Salt_(cryptography), https://en.wikipedia.org/wiki/Pepper_(cryptography)


Copyright information

© 2023 Carey Parker


Cite this chapter

Parker, C. (2023). Who Goes There?. In: Firewalls Don't Stop Dragons. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-9036-1_5
