Free Republic

To: Da Coyote

Agreed, but many of the Nobel Prizes wimped out on the revolutionary, or controversial science things. When they gave it to Einstein, it was for the photo-electric effect, not relativity, either special or general.

Meta questions for authentication have been used for years. One of the prime problems with passwords is currently requiring passwords that cannot be remembered, even with “security” hints. More than seven letters, upper and lower case, with a number and a symbol... If it is a password that is used infrequently or lost, good luck! Writing them down is becoming a necessity, violating the physical security of the password in favor of the electronic security.

This is interesting stuff.

DK


9 posted on 09/03/2013 9:58:29 AM PDT by Dark Knight


To: Dark Knight

So in a sense, wouldn’t this be like directly using those “secret” questions to gain site access instead of simply to retrieve or reset p/w’s?


10 posted on 09/03/2013 10:03:30 AM PDT by mikrofon (Security BUMP)

To: Dark Knight
Meta questions for authentication have been used for years. One of the prime problems with passwords is currently requiring passwords that cannot be remembered, even with “security” hints. More than seven letters, upper and lower case, with a number and a symbol... If it is a password that is used infrequently or lost, good luck! Writing them down is becoming a necessity, violating the physical security of the password in favor of the electronic security.

Agreed. Current password regimes in many corporations have become a nightmare.

We could use cryptography to solve the problem, but people are too dumb to use even fairly straightforward crypto like PGP/GPG intelligently.

Example:

You and your bank exchange public keys using something like PGP when you set up your account with them.

When you go to the bank's site, they encrypt a question to your public key. (what is 1+1?)

You decrypt the message and encrypt the answer back to them.

All of this could fairly easily be implemented in browsers using plugins, but you'd need people to be capable of managing keys, and also physical security. It's not rocket science, but you do have to be capable of understanding what is going on, and managing your keys or you're screwed.

24 posted on 09/03/2013 11:21:10 AM PDT by zeugma (Is it evil of me to teach my bird to say "here kitty, kitty"?)
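
The exchange described in post 24, as an added example that is not part of the original thread. It assumes toy textbook RSA in place of PGP/GPG (so it runs on the standard library alone) and a fresh random number in place of the question; all names and keys (`Bank`, `customer_respond`, the Mersenne-prime keypairs) are constructed for illustration.

```python
import hmac
import secrets

E = 65537  # public exponent

def make_keypair(p, q):
    """Toy textbook-RSA keypair from two primes (no padding, demo only)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa(key, m):
    """Raw RSA: encrypts with a public key, decrypts with a private key."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("message out of range for this key")
    return pow(m, exp, n)

class Bank:
    def __init__(self, bank_priv, customer_pub):
        self.priv, self.customer_pub, self.pending = bank_priv, customer_pub, None

    def challenge(self):
        # Fresh random "question" per login, encrypted to the customer's public key.
        self.pending = secrets.randbits(64)
        return rsa(self.customer_pub, self.pending)

    def verify(self, response):
        # Single use: the pending challenge is consumed whether or not it matches.
        expected, self.pending = self.pending, None
        if expected is None:
            return False
        try:
            answer = rsa(self.priv, response)
        except (ValueError, TypeError):
            return False
        return hmac.compare_digest(answer.to_bytes(32, "big"), expected.to_bytes(32, "big"))

def customer_respond(customer_priv, bank_pub, challenge):
    # Decrypt the question with the private key, encrypt the answer back to the bank.
    return rsa(bank_pub, rsa(customer_priv, challenge))

# Constructed demo keys built from Mersenne primes; far too weak for real use.
BANK_PUB, BANK_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
CUST_PUB, CUST_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
EVE_PUB, EVE_PRIV = make_keypair(2**61 - 1, 2**107 - 1)  # someone without the customer's key

def login(responder_priv):
    bank = Bank(BANK_PRIV, CUST_PUB)
    response = customer_respond(responder_priv, BANK_PUB, bank.challenge())
    return bank.verify(response), bank.verify(response)  # (first try, replay)
```

`login(CUST_PRIV)` succeeds once and rejects the replayed response; `login(EVE_PRIV)` fails because the wrong private key cannot recover the challenge.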

To: Dark Knight

I reached that level, and number of passwords, many years ago.

I’ve been using a program that pops up every time a password is needed with the correct one. I’ve named them so that I know I have the right one. Have over a hundred, nearly all different, and like speed dial, doubt if I even know many of them any more, though I do print out a ledger from time to time in case something goes wrong with the program. So far, in many years, nothing has.

In case you are wondering why I’d keep that kind of stuff on the hard drive, it’s already there, just not organized. After installing the program it gathered together all the passwords I’d used and ‘lined them up’ with the website it went to.


30 posted on 09/03/2013 12:52:30 PM PDT by Balding_Eagle (SWAT stands for Storing Weapons for patriots to Attack Tyranny.)



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson