> It improves security through the reduction in the scope of harm and eliminating single points of failure. If someone compromises your Candy Crush login they can't drain your bank account.

"Security through ad-hoc redundancy" is going to replace one possibly-good auth system with a gazillion shitty ones that no one has the budget or interest to secure. It's a greater attack service.

> It improves security through the reduction in the scope of harm and eliminating single points of failure. If someone compromises your Candy Crush login they can't drain your bank account.

No, by all accounts FBI and CIA still hate each other and keep secrets. What we got is more surveillance (NSA dragnets), not more efficient use of the data they already have.

> What we got is more surveillance (NSA dragnets), not more efficient use of the data they already have.

Or we could just not do that anymore and still not have centralized authentication.

> "Security through ad-hoc redundancy" is going to replace one possibly-good auth system with a gazillion shitty ones that no one has the budget or interest to secure. It's a greater attack service.

You mean attack surface. But that's the trade-off.

Because none of them are actually secure. Even when you have a full time security team, there are still vulnerabilities. Before the attacker had to find a vulnerability at the DMV, then start over at the bank, then start over at every company's file server. Now instead the attacker only has to find one in the central authentication system and they get everything at once. Even if there aren't as many vulnerabilities, if there is even one, you're screwed beyond comprehension across all systems everywhere.

On top of that, widespread use cuts the other way. Suppose the system was originally deployed using sha1. That starts looking pretty weak so you begin the decade-long process of transitioning literally everyone to a system using something else. Then suddenly sha1 gets completely broken beyond all hope, but you can't stop using it because 15% of people haven't migrated away yet and that's too much of the world to abruptly cut off.

Whereas in the decentralized system only 15% of things would be vulnerable because the other 85% had already migrated and disabled sha1, and the important stuff like banks who have their own security teams would be in the 85%.

More to the point, there are other ways to reduce vulnerabilities without centralization. Use simpler, more stable software from vendors who spend more time on security and less time on feature bloat. Restrict local services to local users so they're not exposed to the internet. Use defense in depth so that a single vulnerability is not enough but the expense of finding five stackable vulnerabilities is uneconomically large relative to the value of compromising an individual system.

Whereas the only way to avoid the ominously large scope of compromise of centralized authentication is to decentralize it.
