by danweber 5057 days ago
We need people to be able to regain access after losing a password, and we need only the right people to have that. This is a very hard problem.

One thing that we should have is a "cool down" period. If you want to regain access to, say, your GMail account, then it will take 48 hours of waiting, and phone calls and emails will go out to your contacts before that is completed, so the real person has a chance to protest.

I don't understand how the MacBook data was permanently lost. Even if the files were deleted in the OS, they are recoverable by disk utilities. Unless they were encrypted. Which just goes to say that when you think the solution to your problem is encryption, you don't understand your problem.
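An added example (not from this thread or any commenter) of the "cool down" recovery flow sketched above, written in Go: a recovery request opens a 48-hour window, every contact on file is notified, and the recovery only completes if the window elapses with no protest. The `Account`, `Notifier` and `RecoveryRequest` types, the error values and the in-memory bookkeeping are all constructed for the illustration; a real service would persist the request and send the alerts out of band.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// CoolDown is the waiting period described in the comment above.
const CoolDown = 48 * time.Hour

var (
	ErrTooEarly  = errors.New("cool-down period has not elapsed")
	ErrProtested = errors.New("recovery was vetoed by a contact or the owner")
	ErrNoRequest = errors.New("no pending recovery request")
)

// Notifier receives the alerts that go out when a recovery is requested.
// Hypothetical hook for the example; a real service would email/SMS/call.
type Notifier func(contact, message string)

// RecoveryRequest tracks one pending attempt to regain access.
type RecoveryRequest struct {
	StartedAt time.Time
	Protested bool
}

// Account holds the contacts who get a chance to object.
type Account struct {
	Name     string
	Contacts []string // notification contacts on file
	pending  *RecoveryRequest
}

// RequestRecovery opens the cool-down window and alerts every contact so the
// real owner can object before anything about the account changes.
func (a *Account) RequestRecovery(now time.Time, notify Notifier) {
	a.pending = &RecoveryRequest{StartedAt: now}
	deadline := now.Add(CoolDown).Format(time.RFC3339)
	for _, c := range a.Contacts {
		notify(c, fmt.Sprintf("Recovery requested for %s; it completes at %s unless protested", a.Name, deadline))
	}
}

// Protest is called by a contact (or the owner via an out-of-band channel)
// to veto the pending recovery.
func (a *Account) Protest() error {
	if a.pending == nil {
		return ErrNoRequest
	}
	a.pending.Protested = true
	return nil
}

// CompleteRecovery succeeds only after the cool-down has elapsed with no
// protest; a protested request is discarded rather than retried.
func (a *Account) CompleteRecovery(now time.Time) error {
	if a.pending == nil {
		return ErrNoRequest
	}
	if a.pending.Protested {
		a.pending = nil
		return ErrProtested
	}
	if now.Sub(a.pending.StartedAt) < CoolDown {
		return ErrTooEarly
	}
	a.pending = nil
	return nil
}

func main() {
	acct := &Account{Name: "alice", Contacts: []string{"bob@example.test", "+1-555-0100"}}
	logNotify := func(contact, msg string) { fmt.Printf("notify %s: %s\n", contact, msg) }

	t0 := time.Date(2012, 8, 7, 12, 0, 0, 0, time.UTC) // constructed timestamp
	acct.RequestRecovery(t0, logNotify)
	fmt.Println("after 1h:", acct.CompleteRecovery(t0.Add(time.Hour)))  // too early
	fmt.Println("after 48h:", acct.CompleteRecovery(t0.Add(CoolDown)))  // <nil>
}
```

The point of the delay is that an attacker holding a few leaked facts still has to outrun every notified contact for two full days; the veto path needs its own authentication so it cannot itself become a denial-of-service lever.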


If you ever reach the point that your account is so hard to recover that it requires human customer service intervention, the recovery process needs to be tedious and thorough.

"Okay, I'll need a notarized copy of a photo ID and once we have that, we'll give you a call to the number we have on file to confirm the change."

It's not perfect, but it would require an extremely dedicated and targeted attack to bypass, as opposed to "Hi, I'm your pizza delivery guy. I took a look at the receipt before I delivered your pie, and now I know the last 4 on your CC, your billing address, and your name. Let's go iCloud fishing!"

I agree, if you get locked out and need to regain access it should be as hard as possible to get back in.

On the flip side, we perhaps need to come up with something better than usernames and passwords for authentication. There are plenty of services where I simply cannot remember my password and/or username. I'm getting better about writing them down inside a password protected master file. But for many of those services I rely on the account recovery procedures; a vast majority of which are vulnerable once the attacker has access to my e-mail inbox.

The problem is simply that if things are easy enough to remember, they're easy enough to crack or brute force. If they're too hard to remember, people will forget them and have to recover them.

I use LastPass and just generate a new random password for every new account. If I ever forget my LastPass password, I am boned (since it's the encryption key for my data!), but I don't worry about forgetting passwords anymore, and I don't worry about RandomSite getting hacked and my password being leaked. It's not perfect, but it's good enough.

On Apple devices, I believe that remote wipe is "Change the encryption keys for the block storage. It's as good as random data now."

That might also be why a PIN is available for "stopping" the wipe. (As an aside: the group got what they wanted, and one of the members even seems remorseful: they have the PIN necessary to unlock the device, but this was never touched upon.)

At the very least, that is why iOS devices take split seconds to "wipe", as opposed to the time it would take to write thirty-two billion nul bytes to flash.
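An added example (not from this thread, and not Apple's implementation) of the "change the keys and the blocks are as good as random" wipe described in the comment above, in Go using AES-GCM from the standard library. The `Volume` type is a constructed model of always-encrypted block storage: reading goes through the volume key, and `CryptoErase` zeroes only the key. The ciphertext stays on the medium byte for byte, which is why the wipe finishes instantly and why, as the first comment in the thread notes, disk utilities cannot recover the files afterwards.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Volume models block storage whose contents are always encrypted under a
// per-volume data key. Constructed for the example; not a real disk format.
type Volume struct {
	key        []byte // data-encryption key; nil once wiped
	nonce      []byte
	ciphertext []byte // what physically sits on flash
}

var ErrWiped = errors.New("volume key destroyed: contents unrecoverable")

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewVolume generates a random 256-bit key and seals the plaintext under it.
func NewVolume(plaintext []byte) (*Volume, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Volume{key: key, nonce: nonce, ciphertext: aead.Seal(nil, nonce, plaintext, nil)}, nil
}

// Read decrypts the stored ciphertext with the volume key.
func (v *Volume) Read() ([]byte, error) {
	if v.key == nil {
		return nil, ErrWiped
	}
	aead, err := newAEAD(v.key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, v.nonce, v.ciphertext, nil)
}

// CryptoErase is the "remote wipe": destroy the key, touch no data blocks.
// Cost is constant regardless of volume size, unlike overwriting every block.
func (v *Volume) CryptoErase() {
	for i := range v.key {
		v.key[i] = 0
	}
	v.key = nil
}

// StoredBytes reports how much ciphertext still physically remains.
func (v *Volume) StoredBytes() int { return len(v.ciphertext) }

func main() {
	vol, err := NewVolume([]byte("family photos, tax returns")) // constructed data
	if err != nil {
		panic(err)
	}
	before, _ := vol.Read()
	fmt.Printf("before wipe: %q\n", before)
	vol.CryptoErase()
	_, err = vol.Read()
	fmt.Printf("after wipe: %v (still %d bytes of ciphertext on flash)\n", err, vol.StoredBytes())
}
```

The flip side raised later in the thread follows directly from this model: the only copy of the data that survives a crypto-erase is whatever backup holds either the plaintext or the key, so the wipe is only as reversible as your key escrow or backup policy makes it.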

I assume the remote wipe zeros out the data a few times, otherwise the feature is somewhat useless.
If you're trying to remote-wipe your computer so that a thief doesn't access your sensitive data, wouldn't you want the data to be lost permanently?

Could be. But that's a very different problem.

Old-school computer security breaks things down into the CIA categories:

Confidentiality is for things you want secret. Integrity is for things you want to not be altered. Accessibility is for things you want to be able to reach.

Honestly, very little data requires confidentiality. Yet that's what encryption is usually used for. I would, by an order of magnitude, rather have a hacker gain access to my family photos than have them deleted beyond my ability to recover.

I hate whole-disk encryption. In nearly everything in my life, the threat of losing access to my data is vastly worse than someone else accessing it.

Losing a laptop can and will happen at some point. At that point, if you don't have a backup you will lose access to your data, period. Full disk encryption means nobody else will get to that data.

Keep an unencrypted backup in a secure location, not on a device you are bound to lose in a coffee shop or airport.

I encrypt the entire disk of my laptop. That can contain potentially important information, and it also has the best chance of being stolen or lost. I can keep relatively important pieces of information on my laptop now after I installed TrueCrypt and encrypted my entire disk. It makes hibernating my laptop about 20x slower, so I stopped doing that, but it's completely worth it.

Interesting - hadn't heard that CIA thing before.

I run a business. A good deal of what is on my laptop I would put in the confidentiality category. I guess apps and settings would come under integrity.

Yeah, one of the points of CIA is to help you identify which problems you want to fix. A lot of business assets do require confidentiality, and you have to spend correspondingly more money and time dealing with it.