This week the press is all agog about how Windows 8 is going to “securely” manage passwords. Win 8 will do this with LiveID, syncing passwords across multiple computer platforms, using “TrustedID” to authenticate the computer, and storing all your long complex passwords in the cloud or on your device. But the sense of security is still misplaced.
When it comes to security, multi-factor authentication is the first topic that comes up. The factors are:
- Something you have. (Smart Card, token, etc.)
- Something you know. (Password, PIN or pattern)
- Something you are. (Fingerprint, iris scan, etc.)
So let’s break down the Win 8 strategy based upon these factors.
First, storing passwords on the device that you will be using to access applications, sites, servers, etc., is a violation of “something you have.” Something you have has to be a completely separate piece of hardware that has to be brought together with another piece of hardware. That’s why we use smartcards, tokens, dongles, etc. So synchronizing and TrustedID add little to no security.