Alibaba security fail: Brute-force bonanza yields 21m logins

breakfast Silver badge
Boffin

Re: This will never be fixed?

The accepted wisdom is that security is hard, and just once in a while wisdom is accepted because it is true rather than simply because it is easy. The problem is that in general you want to offer people the simplest thing that can possibly work, but that either relies on human factors (such as users being able to choose a good password, which is tricky because users are humans) or mechanical factors (such as locking an account to a single machine with a specific certificate on it, which becomes problematic when the user loses access to the exact mechanical configuration they were using or needs to access the service from another system or location).

There are good ideas around but it doesn't seem as though anybody has really got to the heart of this problem yet and a lot of very smart people on the usability and security sides have been working on it for a long time.
