Re: Currently they aren't even trying
"So if the industry actually wanted to provide a slightly more secure device, they'd offer it in 2 parts. One is the mobile part, which you carry around with you, but is essentially a terminal, the other one would be a device you can have at a physically safe space where you store all the data on and execute the actual code. Authentication would work via public keys (think of ssh) and the server would automatically remove the authorized key for the device if something is fishy, or after some time."
So what about people for whom phones are a pariah and don't keep any? In other words, how do you do two-factor authorization when the person refuses to keep a second factor. Plus, what if the thief is able to log in and establish a beachhead BEFORE you can nullify the credential (say he mugs you and knocks you out so you can't call the cops and so on before it's too late)?
"I personally think that the "but we need to catch criminals" thing is rather stupid. Police did catch criminals before they were carrying around lists of contacts with them. In fact, people used to remember phone numbers and addresses inside of their head."
They would counter "not enough of them," as the past was a pretty chaotic time. Just look at the Wild West and the times of the rolling bandits like Bonnie and Clyde.
Biting the hand that feeds IT
