Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
US cyber security tsar Michael Daniel wants passwords to die in a fire and be replaced by other mechanisms, including selfies.
In an interview with the Christian Science Monitor Daniel said the death of passwords could signal a useful purpose for the much-beleaguered selfie.
"Frankly I would really love to kill the password dead (sic) as a primary security method because it is terrible," Daniel said.
"It has to be replaced with something that is easy to use.
"Some may be biometric related ... you could use the camera on cell phones which are now ubiquitous so that the selfies are actually used for something besides posting on Facebook."
Multi factor authentication would form part of an ecosystem that would signal the end of conventional passwords with additional security being layers on more critical services, he said.
He went on to say that the use of encryption models seemingly designed to lock out law enforcement should allow for lawful access.
"We don't want to have something that puts it utterly beyond the reach of law enforcement in the appropriate circumstances."
Northrop Grumman technical director Vern Boyle also interviewed said that organisations should re-engineer systems to be "disposable".
"Rather than fix static gateways, static routes, static endpoints that never move, we would have virtualised moving gateways, ad-hoc networks, and single-use private endpoints," Boyle said.
"This system would be controlled by network defenders, so rather than spend their time reacting, and chasing and climbing up that mountain of data, they would spend their time proactively re-configuring these systems so that they are very hard [for attackers] to understand and breach." ®