2024-04-22 19:18:05 - Paul D. Foy -
I see the use of a phone (a phone number) and text messages as the external third party communication means as a failure of Windows to provide a serviceable PC system for doing computing and online operations. We now typically have not just the need for a PC (or MAC) but a phone by us when doing this kind of thing. Surely a password forget is a big enough deal such that it doesn't need to be done 'on the go', but at your leisure. And you shouldn't need to squint at a phone when doing everything like your banking. It's also a failure of banks (for example) to not set a direction, and put a marker in the sand, but are at the beck and call of the shifting fortunes and competitions of the tech providers.

2024-04-22 19:08:34 - Paul D. Foy -
If a user with a name and password wishes to share in his security (and insure against losing his password) the solution would be to permit such a user if he wished to create a 'formal' account in which name is linked with an external means of communication such as an email address. Then password reset can only be achieved by communicating with the provider organisation via this email (or other external means) and the password re-supplied via this email. This guarantees the name and the email are one and the same individual and that this is the individual the one the provider organisation is dealing with. A further development of this is to do it remotely allowing the user to service his own password reset via his linked email. I'm not sure if it is possible to encrypt the password via this means so that no one in the provider organisation can discover it - I suspect not as this would be the creation of an algorithm which can not be decoded yet which is deterministic!.

2024-04-22 13:33:49 - Paul D. Foy -
There is the issue that what if a user forgets his/her password. Well an easy option is just to create another account with another name. Ok for this king of lightweight use - nut what if it's your banking account and you need the same account and everything that is in it. With this blog you would have to refer to Mathematical Services Limited to be re-told your password. This raises a few security concerns. People in Mathematical Services Limited would have knowledge of your password - so your open to fraudsters there - how do you get around that? There would ALWAYS be someone in the provider organisation that could get your password if they wanted to (possibly a software engineer) - they would know the encryption algorithm even if it was encrypted and was not viewable by most in the organisation. So as in life an element of trust is needed in the provider. That is why fraud is a criminal offence (in the UK). The password is the key - I can't think of a simpler yet effective technique for a non too serious application, with trust in the provider. The fact that society seems to have moved on to third party authentication, facial recognition blah blah is a sad comment on society. My password regime here was simply motivated by the need to differentiate seemingly different account with the same name - I did it by not allowing them and giving the account holder a token of identity.

2024-04-21 20:01:12 - Paul D. Foy -
I would say the offering is now similar to Twitter at its inception (yet with no limit on post or comment length). So a text based system allowing you to give your viewpoint or comment on that of others. It's also robust. Of course if I am bombarded with users I will run into problems through lack of resources - but I'll solve that problem when it arises.

Post a comment:

Name:

Password:

Comment:
Enter comment here ...