trust, or protection?
- Funny to raise the question "how can we trust each other if we don't know each other." Usually the question is "how can we protect ourselves from each other." I don't think we can ever get to the point where no protection is required. For example, I'm concerned enough that any old kind of network scares me, let alone networks that include people I don't know. I'd love to get remote access to my work and home pcs, but am skeptical about others having a look at all my stuff.
All Replies
- You raise some interesting points Mr Franblanda!
Staying away from the philosophical arguments for a second and looking at network security. Let's talk about remote access.
You worried that other people might look at your stuff, in other words your worried that the remote access software you use isn't smart enough to work out if someone other than yourself is trying to gain access to your home PC. If you just use a username and password then you would not be unjustified in your concerns. Using only one factor of authentication is never going to be that secure.
This is where the two other factors of authentication come in, just in case you don't know the three are:
1) Know e.g. a password
2) Have e.g. a phone
3) Are e.g. a fingerprint
I would recommend looking at "Have" for a 2nd factor for authentication and looking for a solution that uses a phone.
- How do you know I'm a Mr? :-). Also, why do you think a solution that uses a phone is the right one? There are all sorts of people I know that use physical tokens and other 2-factor solutions. Why is a phone-based solution better?
- HaHa.A statistically educated guess :-).
- In terms of why a phone-based solution is better.What item does every one carry with them, and is ubiquitous. Yep cellular phone. This means that it's a lot cheaper and more convenient for the user to use this type of solution.If you can prove that you have a predetermined phone number on your person when you try and access a system, that makes authentication a large factor more secure.Other solutions are available, but they are either more expensive, less convenient or less secure. Or all three!Phone-Based solutions are in that sweet spot of convenience, price and security for most people.
- It's funny that you guys are talking about phone-based authentication. I am a newbie on the forum, but my company just started using an application called Phonefactor for logmein. We are able to remotely access our computers from home. Also, at the same time we have 2-factor authentication using our mobile devices. The icing on the cake is that Phonefactor for logmein is a free application.So it works great for a small IT company like ours.
- Thanks garyavich, yes Phonefactor seems to be capitalising on the benefits of using phones for authentication.I found this page on how passwords can be easily hacked, interesting reading: http://onemansblog.com/2007/03/26/how-id-hack-your-weak-passwords/
- Hello everyone
Phone. One of the methods used to enhance security especially in commercial transactions but can also be used in other applications.Trust. What leads a user to have confidence in something that he suspects! ..
ie: When a user browses a simple forum and is faced with a mandatory registration is requested in which personal data (name, residence, phone, country) you may be breaking the trust.
-- The safety and confidence do not always go hand in hand. (What's safe, it is generally suspected. What usually trust is not safe) -- - >> "how can we trust each other if we don't know each other
You can't as trust must be earned, just like a "good reputation". Trust is built on the principles of ethical behavior and reliable conduct over time. While this is more related to ethics than technical trust, I wrote 3 articles for a professional insurance affiliation I belong to, during March that are summarized in the article below:
http://msmvps.com/blogs/harrywaldron/archive/2009/04/24/the-importance-of-ethics-in-today-s-business-environment.aspx
Folks need to not only trust but verify even after a good relationship is established. One of the 3 articles discusses how Bernie Madoff used both his influence and reputation to steal possibly over $65,000,000,000 from friends and over investors over time.
Finally, even knowing someone isn't always the answer as we're all human and make mistakes. Still, the ethical person acknowledges and corrects these.
One point of good news is most untrustworthy folks who are in the minority among the overall population of users. Just as in the general public, the majority of folks on the Internet are good people and they don't want to steal directly from us. Still "one bad apple can spoil the bunch", as the bad guys have enough email and website attacks that it make the Internet a dangerous environment.
Thus one should not only be careful with people, but with email and website access. Following best practices, staying up-to-date on patches, and having great protective software are all mandatory given the attacks we see. The bottom line is that trust can be achieved after good experiences and verification over time, but one must always remain vigilant and careful at all times.
Harry Waldron, Microsoft MVP - Enterprise Security Mr Waldron, sir.
"You can't as trust must be earned, just like a "good reputation"." From this statement I can surmise that earned trust is an empty purse. For example, beginning of man, Neandertal meets Cro-magnon there were some things on first meeting they could trust about one another if they were but aware of it... This stranger needs food, shelter, a mate, and other basic needs. The uncertainty that drives fear is, will the other just take it? and to what extremes? I am gussing that this level of trust is not at issue. Ethical trust or morality, can only be judged with respect to particular situations, within the standards of particular belief systems. Since all of us sentient beings hold a unique belief or relationship, is it fair to say that noone can have trust with everyone and if everyone can not trust you... what price are you willing to pay for that trust? and to some extent since I beleive souls are notcreated abinisio as Orthadox Christianity teaches but has to be brought into existance by the process of self observation and environment. Am I left to guess, what environmental conditions would lead a person to beleive "Buyer Beware" is a valid comerce model. So, to cut to the quick because I fear I may start to sound like I am lecturing you.. "Trust to be earned" is to be from... the good banking and insurance institutions that have so well earned that good reputation? I can trust that the genetic memory embedded in all of us revisits the aformentioned prehistoric meeting. It does not mean that all of those meetings went bad. Science beleives that in some cases more thn not that the meeting was not just the quiet side of the WW1 front but actually co-mingled. The empirical evidence in my life has me wondering if Friday the 13th wasn't a bit more sucessfull would we be better off.Sorry, I didnt mean to end on a bad note. I had some bad experiences with insurance companies and i know operationaly they have not changed... at least not here in the US. so when you bring up money and Banks and Insurance Companies I know we are not talking about a Good and Evil Trust in the classical sense but one of more... I trust them to be weasels and their "good Reputation" is trade practices to deflate competition or perceived threats.
Pappkartoosh
Just another speck in a fibernachi sequence of stars about to be reordered by Andromeda
