Hundreds of Dropbox credentials reportedly leaked online, company denies breach


Comments

  • Reply 21 of 56
    MacPro Posts: 19,728 member
    I'm a big fan of Office 365. 5 accounts each with their own 1TB of storage for $99 a year.

    Oh, and they throw in a FULL version of Office as well (including Access).

    Out of interest how many Office documents would it take to fill 1 TB? ;)

    BTW Can you also store your Aperture and FCPRoX files there too?
  • Reply 22 of 56
    kpluck Posts: 500 member

    Quote:


    Originally Posted by ThePixelDoc View Post



    I've stated this more than a few times, but in my experience with many clients and friends, the ability and freedom to create your own password should be taken away from most (all?) users.

    That is just silly. Best practices for password security are well known and relatively simple. If a user is too stupid to learn the rules, let them reap the benefits of their ignorance. 

     

    Quote:

    Originally Posted by ThePixelDoc View Post



    I also think that Apple has a unique opportunity to make TouchID ubiquitous and to allow it to be used in replacement of 2FA and as a unique identifier.

    Big problem with that, at least in the US. Current case law allows the government to force you to give up biometric data if they want access to your encrypted data. However, forcing you to give up a memorized password is considered self-incriminating testimony and considered unconstitutional. In other words, if your data is secured with something you have, the authorities can force you to give it up; if your data is secured with something you know, they cannot.

     

    -kpluck

  • Reply 23 of 56
    solipsismx Posts: 19,566 member
    kpluck wrote: »
    That is just silly. Best practices for password security are well known and relatively simple. If a user is too stupid to learn the rules, let them reap the benefits of their ignorance.

    From previous conversations on this forum there is a surprisingly large number of people that believe security to be non-existent to the point that they have stated they don't think it necessary to have complex passwords or to use different passwords for different sites.
  • Reply 24 of 56
    Quote:

    Originally Posted by digitalclips View Post





    Out of interest how many Office documents would it take to fill 1 TB? ;)



    BTW Can you also store your Aperture and FCPRoX files there too?

     

    I don't even store many Office documents - it's mostly family photos/videos for archiving. They just recently announced an increase for file size from 2GB to 10GB, but haven't tried it yet.

     

    You can store any type of files you like.

  • Reply 25 of 56
    jlandd Posts: 873 member

    Rats.  There go my apple picking pictures.

  • Reply 26 of 56
    I'm a big fan of Office 365. 5 accounts each with their own 1TB of storage for $99 a year.

    Oh, and they throw in a FULL version of Office as well (including Access).

    I have 3 small business clients that I was trying to get interested in upgrading to 365 about a year ago, because IMO I "thought" it would be a better deal and easier for them than moving to a Mac and iOS (thanks would also go to @Relic for her glorious experience with her Nokias she shared here at AI). Especially since they were sitting on Office 2003 and certain things don't work if you would like to integrate Windows Phone or Surface and sync from the desktop.

    The breakdown though is typical Microsoft when it comes to their love of multiple versions, and their silly reasoning for not making some things available as a logical "step up" in plans.

    Just look at the comparison I'm linking to... and ask yourself, why would someone NOT want enterprise Email when they have a WinPhone or Surface. Essentials and Premium has it, but the middle plan Business Basic.... no Enterprise Email, Online Meetings, or Social? Really? WTF?
  • Reply 27 of 56
    MacPro Posts: 19,728 member
    I don't even store many Office documents - it's mostly family photos/videos for archiving. They just recently announced an increase for file size from 2GB to 10GB, but haven't tried it yet.

    You can store any type of files you like.

    What is the read / write speed?
  • Reply 28 of 56

    I'm so glad I got rid of Dropbox especially after I learned that Condoleezza Rice was appointed to the Board of Directors.  I kicked Dropbox to the curb!  :)

  • Reply 29 of 56
    kpluck wrote: »
    That is just silly.

    No. It's in all seriousness. Considering that a lot of people are of the false impression now that many of the things they're doing are as secure as they WANT or NEED them to be... is a false assumption. Because even if THEY don't have anything to hide... if their non-secure device that they are proud of gets hacked or portions thereof leaked, it is often a 3rd or 4th party that doesn't appreciate their lackadaisical attitude towards security... and may be even harmed because of it (Kate Upton's pics and messages being stolen from Justin Verlander's account/phone/where-ever comes to mind).
    Best practices for password security are well known and relatively simple. If a user is too stupid to learn the rules, let them reap the benefits of their ignorance.

    For you... Soli (above post was a good one)... myself... and a lot of tech interested folks around here. Not so for the average consumer which includes everything from children under 10 to Grandparents over 90... and everyone in between that can't be arsed... or expected to really learn the truth and rules, which are still evolving faster than even I can keep up with some times. It's quite obvious you've never dealt with this by explaining it to people that don't even have the time to figure it out... even if they do have the intelligence.

    You appear to be one of those tech-egotistical, lacking-of-empathy individuals that don't see this even from a business advantage that Apple could gain from this. You rather enjoy pointing at people and going, "idiot!" and laughing at their "self-made" stupid situations they find themselves in.... right? I may be stretching the narrative, but you're giving off some bad vibes in your discussion on this matter, which again... is serious and not silly.
    Big problem with that, at least in the US. Current case law allows the government to force you to give up biometric data if they want access to your encrypted data. However, forcing you to give up a memorized password is considered self-incriminating testimony and considered unconstitutional. In other words, if your data is secured with something you have, the authorities can force you to give it up; if your data is secured with something you know, they cannot.

    -kpluck

    IANAL... and there are others here better versed in American law that can address that statement better than I can.... although, I'm not convinced your statement is fact. Citation maybe would help. I'm all for learning.... ;)
  • Reply 30 of 56
    Originally Posted by ThePixelDoc View Post

    …and everyone in between that can’t be arsed…

     

    Except if someone leaves their car unlocked and it gets stolen, you don’t blame the car or its system of security. You blame the moron who “couldn’t be arsed” to lock it.

  • Reply 31 of 56
    mike1 Posts: 3,286 member

    Two-step verification is a genuine pain in the arse. Remembering unique complex passwords is also not the solution.

    The trick is to make 2-step as painless as possible. Back in the day, I traveled with a FOB to access my company's VPN. I know these are still used, but what if we could carry around a single FOB for all participating services. So, if I logged into Gmail, it used the same FOB as when I sign into Amazon as when I sign into DropBox etc.

     

    Then, how about if that FOB was no longer a standalone FOB, but an app on my phone that could only be accessed via the fingerprint reader. Kind of like 3-step verification. Adding new accounts to the "FOB app" would be the most cumbersome part, but the day-to-day would not be.

    Just thinkin'.

  • Reply 32 of 56
    noivad Posts: 186 member
    Probably related to my blog post last night about a fairly large site that wasn’t running its popover auth through SSL.
  • Reply 33 of 56
    Except if someone leaves their car unlocked and it gets stolen, you don’t blame the car or its system of security. You blame the moron who “couldn’t be arsed” to lock it.

    Come on TS... when someone has their car stolen these days it's because they couldn't be "arsed" to hit ONE BUTTON on their car key.

    That's a bit different than.... ah forget it... you know the drill.

    Suffice it to say... IMHO this is one of your weakest analogies for a myriad of reasons if you would have thought about it a minute longer.

    Not trying to pick a fight.... just come up with something better, or at least something that gives us something to debate about.
  • Reply 34 of 56
    solipsismx Posts: 19,566 member
    mike1 wrote: »
    Two-step verification is a genuine pain in the arse. Remembering unique complex passwords is also not the solution.
    The trick is to make 2-step as painless as possible. Back in the day, I traveled with a FOB to access my company's VPN. I know these are still used, but what if we could carry around a single FOB for all participating services. So, if I logged into Gmail, it used the same FOB as when I sign into Amazon as when I sign into DropBox etc.

    Then, how about if that FOB was no longer a standalone FOB, but an app on my phone that could only be accessed via the fingerprint reader. Kind of like 3-step verification. Adding new accounts to the "FOB app" would be the most cumbersome part, but the day-to-day would not be.
    Just thinkin'.

    These are all solutions with pros and cons, and there are many other solutions, but suggesting not having a unique password per site/account is not one of them. As for remembering, why do that? Use a password manager.
  • Reply 35 of 56
    Originally Posted by ThePixelDoc View Post

    Not trying to pick a fight.... just come up with something better, or at least something that gives us something to debate about.

     

    I fail to see how it’s invalid. Everyone knows that you have to have a password when using a computer. It’s not difficult to come up with a decent one. If you “can’t be arsed” to do so, there are utilities for which you can pay (and free ones) to do so for you. They’re automatic.

  • Reply 36 of 56
    welshdog Posts: 1,898 member
    Quote:
    Originally Posted by kpluck View Post

     

    That is just silly. Best practices for password security are well known and relatively simple. If a user is too stupid to learn the rules, let them reap the benefits of their ignorance. 


    You haven't met many human beings have you?  First, the "best practices" you mention are not at all known to the average device using person.  Trust me, they don't know such things even exist, so how would they find them or even know to look for them?  Second, never forget that, at all times, half the population is on the LEFT side of the IQ bell curve.

  • Reply 37 of 56
    pooch Posts: 768 member
    in february of last year i started getting spam to the email address that i used just for dropbox. an email address that was unique to dropbox; an email address that only they had ever known about; an email address that was in its own mail subdomain. i contacted them several times using several different methods and never heard a peep from them. that's when they lost me as a customer. zero customer service.

    and now their employees are arguing with kids over use of a soccer field. http://blog.sfgate.com/cityinsider/2014/10/13/dropbox-apologizes-in-mission-soccergate-protest-planned/

    jerks all around.
  • Reply 38 of 56
    ipen Posts: 410 member

    Cloud is not safe.  I only use it for files which I can lose and i don't care if the world sees it.

  • Reply 39 of 56
    solipsismx wrote: »
    These are all solutions with pros and cons, and there are many other solutions, but suggesting not having a unique password per site/account is not one of them. As for remembering, why do that? Use a password manager.

    I fail to see how it’s invalid. Everyone knows that you have to have a password when using a computer. It’s not difficult to come up with a decent one. If you “can’t be arsed” to do so, there are utilities for which you can pay (and free ones) to do so for you. They’re automatic.

    Soli's post above yours says just that... and I wholeheartedly agree that EVERYONE should be using a password manager, and if Apple gear is your thing, 1Password is a MUST HAVE program.

    HOWEVER.... for those that don't want to pay for, or even deal with "oh no... yet another program I have to learn".... your analogy of a car with a one-button pre-made security solution.... is not the same as:

    1) choosing a secure password;
    2) separate accounts and throw-away email accounts used for service correspondence ONLY (meaning not daily usage or for any other service);
    3) 2-step verification;
    4) security questions for password recovery;
    5) some place (usually just as stupid) to file away all of the UID/PW combos***

    And again might I stress, other than the extreme case I mention below... I can't tell you how many times I have heard, "I don't have anything to hide or steal" where those people forget that they are adding to the insecurity of the people they love like friends and family, and often times just acquaintances. Their insecure phone is the stepping off point to others getting hacked... maybe their daughter's phone or computer for example.

    Thanks for giving me the opportunity to say it again... but maybe not so extreme: there must be a better and more efficient way found for Internet authentication... even if it means taking choice out of the hands of "many" people. Or at least causing them to jump through hoops to turn off default high security measures... and reinforcing the fact at every step of the way that they are in danger.

    At that time... I may lose my respect and empathy for those sorry "arsed" souls and leave it up to destiny to deal with their bad choices. Although my instinct tells me it's going to affect someone else more than the person that thinks they know it all and turned it all off. :no:

    *** I had a business client that had an alias to an excel spreadsheet named "passwords" on the desktop in a Windows 7 admin install that hadn't seen updates in almost a year; with no screen locking. You can't imagine the expression on my face... which was only more skewed in horror when I saw that almost all of the 100+ UID/PW combos were the same or with little modification(!)

    What do you tell a successful businessman in that situation?
  • Reply 40 of 56
    welshdog wrote: »
    You haven't met many human beings have you?  First, the "best practices" you mention are not at all known to the average device using person.  Trust me, they don't know such things even exist, so how would they find them or even know to look for them?  Second, never forget that, at all times, half the population is on the LEFT side of the IQ bell curve.

    ... but that's only due to the inherent "leftiness" of the Bell curve as opposed to the "Gaussian function"........ :smokey: