Passwords are much maligned as an authentication method, but they are arguably considerably more green. Although you should also add building and operating all those call centers, which are needed to reset forgotten passwords, to the overall impact on the environment.
The issue of “green security” is not new, by any means. Someone asked Chris Hoff the question “Is the push for green security just a fad?” on searchsecuritychannel.com on January 29, 2008. Chris’s answer was “sort of.” He points out that it often costs more to produce a green product. I agree. One needs to include all aspects of the creation and use of greener products – their design, development, manufacture, transportation, operation and disposal. The bottom line is not always positive.
A number of security vendors have touted greenness in their marketing, particularly those companies whose technology combines several appliances or servers into a single device. Another view is that espoused by Richard Bejtlich in his blog TaoSecurity. On July 4, 2008, he expresses his personal tenet: move data, not people. The concept here is for him to acquire security data remotely, rather than have him fly to different locations. He refers to a June 25, 2008 article by Bill Brenner , senior editor at CSO Magazine, called “Cost-Cutting Through Green IT Security: Real or Myth” at www.csoonline.com/article/410513/Cost_Cutting_Through_Green_IT_Security_Real_or_Myth_ where Brenner discusses the important tradeoff between greenness and security effectiveness.
Popularity: 1%
One Comment
I would suggest two things in response to your comments on OTP.
Firstly, the bingo style cards that you speak of are actually less secure than even passwords, as they operate within a much smaller set of finite values. Not to mention that a simple phishing attack would reveal the entire card for future use by any fraudster.
Secondly, newer, greener technologies such as OTP’s generated by software applications on mobile phones and invisible user authentication based on things like device profiling, geo-location, authentication velocity etc. are becoming more popular.
I do agree that greener alternatives need to be considered however I do not believe that bingo cards are the answer.