Can We Fix the Security Economics of Federated Authentication? (Transcript of Discussion)
OK, so the talk that I’ve got today is entitled “Can We Fix the Security Economics of Federated Authentication?” and some of this is stuff that I did while I was at Google in January and February. I’m on sabbatical this year and so I’m visiting various places, and doing various things that I don’t normally do.
Let’s go back 25 years. When I was a youngster working in industry the sort of problem that you got if you were working with a bank was this. People joined and had to be indoctrinated into four or five systems and get four or five different passwords. You might find that your branch banking system ran under MVS, so you needed a RACF password; your general ledger ran under DB2, so you needed a DB2 password – and that was a different lady in a different building – and if you became the branch’s foreign exchange deputy clerk then you needed a SWIFT password, which was yet another administrative function in yet another building. And of course this played havoc with usability: post-it notes with passwords are a natural reaction to having to remember six of them. And if you tell your staff to change passwords every month, of course they’ll just rotate them.
Keywords: Mobile Phone, Cloud Service, Credit Card, Call Centre, Gift Card