Steve Riley on Security

Formerly of Microsoft's Trustworthy Computing Group.

Tools in the proposed consumer security book


Oh, I forgot to mention that we're planning some tools for the consumer book, too. The first will help you set yourself up as a least-privileged user. It would detect how you're running now, create an account for managing the system and running games and older applications, and then change the privileges of all other accounts on the system.

The second tool is a web site password manager. Unlike similar tools, this one would generate all the passwords for you, making them as strong as possible (possibly using predefined character sets for common sites). Unless you specifically instruct it to, the tool never shows you the password; instead, it copies the password to the clipboard so that you can paste it into a field. The tool uses a master pass phrase or an automatically-generated key stored on a USB drive to generate passwords on the fly, so that it never needs to store actual passwords. There will be an option to export your password list so that, for shared sites, you can share passwords.
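One way the store-nothing scheme described above could work, added here as an illustration and not code from the planned tool: the master pass phrase is stretched with PBKDF2 per site, and the resulting key stream is mapped onto that site's character set without bias. The function names, the policy table, the `counter` parameter and the PBKDF2 settings are assumptions.

```python
import hashlib
import hmac
import string

# Constructed per-site rules (assumption): password length and allowed characters.
SITE_POLICIES = {
    "default": (20, string.ascii_letters + string.digits + "!@#$%^&*-_=+"),
    "legacy-bank.example": (12, string.ascii_letters + string.digits),
}
PBKDF2_ROUNDS = 200_000  # assumed work factor; slows guessing of the pass phrase


def derive_site_key(master_phrase: str, site: str, counter: int = 1) -> bytes:
    """Stretch the master pass phrase into a key bound to one site and counter."""
    salt = f"{site}\x00{counter}".encode()
    return hashlib.pbkdf2_hmac("sha256", master_phrase.encode(), salt, PBKDF2_ROUNDS)


def _keystream(key: bytes):
    """Endless pseudorandom bytes from HMAC-SHA256 in counter mode."""
    block = 0
    while True:
        yield from hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1


def generate_password(master_phrase: str, site: str, counter: int = 1) -> str:
    """Recompute the site's password on demand; nothing is written to disk.

    Raising `counter` rotates one site's password without changing the phrase.
    """
    site = site.strip().lower()
    length, charset = SITE_POLICIES.get(site, SITE_POLICIES["default"])
    key = derive_site_key(master_phrase, site, counter)
    # Rejection sampling: drop bytes that would make some characters likelier.
    limit = 256 - (256 % len(charset))
    chars = []
    for byte in _keystream(key):
        if byte < limit:
            chars.append(charset[byte % len(charset)])
            if len(chars) == length:
                break
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample phrase and site name, for demonstration only.
    print(generate_password("correct horse battery staple", "mail.example"))
```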

Comments
  • I use PasswordSafe for this... works quite well. I can think of a few problems that would be caused by the user never seeing the password... how would you access any sites by means other than the computer you have the password manager on? I'm sure that the general population likes to access their bank or web based mail from work computers as well as their home machines.

    I know you could argue that someone really concerned with security would take the inconvenience hit and never access their bank from anywhere but their home machine (I do this), but since this book is aimed at the common user, I think that's a security/convenience trade off that a lot of common users wouldn't make.

    It would also break single authentication schemes like Passport. I use Passport for access to Hotmail, Messenger, BetaPlace, the MCT download site, the MCP estore etc etc. Some of those things I don't mind restricting to use from only my home machine, but there's no way I would use anything that would restrict me from using Hotmail from anywhere. After all, the main point of webmail / photos / blogs and other web based services is access from anywhere yeh?
