I have started to feel recently that information security recommendations are actually working against themselves…

As the economy is increasingly relied on infocommunication, IT crime has also become a bigger business. And we need more and more solutions to protect our systems. Which is increasingly difficult, if not impossible, for the masses to handle and understand.

Like the story of a sock and a hole that grows and grows … and dies finally.

Nowadays everyone should use a password manager to manage their credentials, PIN codes, credit cards and actually use different passwords on all the used websites and apps. We should not forget to activate at least one two-factor or multi-factor authentication. On more and more sites it is mandatory. But then we need account recovery solutions in case of lost a mobile device, etc…

I don’t really try to explain it to my parents. For my wife it’s just difficult, but also I find myself trying to limit the number of apps and online services I use to cause myself less hassle.

It is not good. I tend to feel humanity need a brand new, simple and secure solution. There is a plenty of room for innovation here.

I do not consider using passphrases instead of passwords is a solution. Doesn’t reduces the complexity of security at all.

Sending links in e-mail at every login attempt looks much better. Entering our e-mail address as user name and opening a link is much simpler. And it is enough to protect and set up a recovery solution for the e-mail account itself.

Using a Single-Sign-On solution would also be a better solution. But that is a solution again the masses probably will not want to learn…

I wonder what will be the only solution used by everyone in the end. I would vote for the e-mail sending as that is a stable and quick way of sending any info. Which never was the case with SMS.