Monday, 20 September 2010

Extra security for Google users

It looks like Google are rolling out a beefed-up security model, based around two-factor authentication. This is where a person needs to provide two forms of proof that they own the username with which they are attempting to log in.

In most two-factor schemes, the first proof is a password or PIN and the second is either a physical token of some kind (key or card) or a biometric identifier such as a facial image or fingerprint scan. The idea is that whilst an attacker might well capture your password or PIN somehow, it is going to be very difficult for them to also provide physical or biometric proof.

For an organisation that can issue its employees with smart cards, this scheme works very well, but such a move would be completely impractical (and hideously expensive) for Google. Their solution is to use your mobile phone, instead!

It works like this: you log in as normal with a username and password, but then you are taken to a second screen in which you must enter a six-digit verification code. This code is delivered to your phone (which you have previously associated with your Google account).

The system seems to be designed around the assumption that users will have an iPhone, BlackBerry or Android device running the Google Authenticator app. Whilst the verification code can also be sent via SMS, I wonder whether this will be quite as efficient. Fortunately, Google provide the option to authenticate like this once per computer rather than once per login, which is easier (albeit at the cost of reduced security).

Saturday, 18 September 2010

Security & Social Networks

Talk about security in the context of social networks and many people will think first of privacy - perhaps citing Facebook's convoluted and controversial approach to this important issue as an example. But the risks run deeper than that. Security firm AVG reports that it has identified 11,701 compromised Facebook pages and 7,163 compromised YouTube pages.

AVG note that students between 18 and 25 years old are most at risk of having their Facebook status 'jacked'; this particular age group is the biggest user of Facebook whilst at the same time being significantly less concerned about Internet security and privacy than the average member of the population.

Something to think about the next time you log on?

Friday, 3 September 2010

The Joy of iTunes

I find it curious that a company lauded for its design skills when it comes to hardware can get it so wrong with software. My iPod Classic is an immensely cool and sexy piece of kit - almost lickable (to copy Stephen Fry's memorable description of his iPad) - and yet iTunes feels like the complete opposite: clunky, unintuitive, unreliable and fundamentally untrustworthy.

My negativity stems from the number of serious bugs that have plagued me ever since I started using this benighted piece of software - bugs which Apple seems to have no interest in fixing, preferring instead to add half-arsed new features such as Genius and Ping. Here are a few examples:
  • Album artwork that disappears from individual tracks or is reduced to a lower resolution, seemingly at random
  • Overwriting of my edits to album information (track titles, genre, etc) - again seemingly at random
  • Splitting of a single album into several identically-titled albums by the same artist for no apparent reason
I encountered another instance of the last of these earlier today and managed to fix it by making all the tracks 'part of a compilation' and then clearing this flag from all the tracks. Logical, huh?

This stuff isn't hard to do. I've not encountered any of these problems with the copy of my music library that I access from Linux using Banshee, for example. So how come a big, high-profile hardware/software developer can't get it right?