God bless Mat Honan’s pain, and Phobia’s digital deviance.
Can these two unlikely companions become the face of an identity revolution? (Honan’s got the cool glasses to pull it off, but I’m thinking Phobia won’t sit for a portrait.)
Will this duo become the shot heard 'round the cloud?
Will good rise from Honan’s martyrdom of obliterated pixels?
Can enough angst finally be stirred, from vendors to end users, to repair a tangled mess of identity, verification, email, passwords and ill-advised ID management processes?
Can we settle for anything less and still expect to survive in a world of interconnected services?
If you haven’t heard Mat’s story, just search “Epic Hack” or check this link.
Phobia was Mat’s nemesis – kind enough to detail how the hack went down, but sinister enough to help unleash the digital wrecking ball.
But here’s hoping the fallout is productive – in fact, Phobia admitted to Mat that this was part of the intent.
So the situation stands like this.
Two gigantic, Internet-connected cloud services have been exposed for their house of cards and everyone is looking. Mat is left licking his wounds and admitting his errors.
Every cloud service or enterprise with a Web app is reexamining email, identity, identity services, passwords, password policies, security, verification, liability and customer service.
And tens of millions of customers are along for the scary ride that at any moment threatens to stop their hearts, soil their pants, and sink their digital life.
Now that Mat and Phobia have your attention …
Apple is in damage control that will hopefully lead to repairs.
Today, Wired reports, Apple put form in the back seat and let function ride shotgun.
Apple’s customer support no longer will process Apple ID changes over the phone. And hopefully Apple will re-commit to following policy no matter how lame it is (see security questions).
And Amazon, another exposed victim in the hack, no longer allows its service reps to execute on a system that allowed hackers to attack with only a name, email address and mailing address: three seemingly insignificant pieces of data readily obtained from the Internet by anyone with third-grade schooling and a hot spot.
Is change coming? It better be. Will it be perfect? Not likely, but the digital world is a work in progress.
Some of what’s needed is a better way to validate identity than using information that is available online or easily obtained from companies with bad process (re: Amazon; email, credit card digits).
Email providers need to understand their added role in the security chain.
And current identity efforts need vetting, including the National Strategy for Trusted Identities in Cyberspace (NSTIC), standard protocols such as OAuth 2.0, and the OpenID Foundation's standardized Account Chooser interface and OpenID Connect authentication spec.
Nishant Kaushik, noted identity expert, Twitter scribe and author of the blog Talking Identity, laid out the currently flawed pieces and introduced others that could color a new picture.
He said it’s time for identity authentication to be replaced by identity recognition.
And he thinks the Mat and Phobia story will be repeated before the sad state of affairs changes.
Is this what digital life is going to be like? If so, can it reach its potential? What has to change? What would you change?
Today, it’s Mat and Phobia. Tomorrow?