There's a reason why my cat doesn't need two-factor authentication

A rinky tinky tinky

Something for the Weekend, Sir?

Access denied. Enter Access Code.

That's a good start. Just a few moments ago I was handed a card on which is written, in blue ballpoint, a newly compiled string of alphanumerics that is supposed to identify me as a unique user. Oh well, maybe I fumbled the buttons. Let's try again.

Access denied. Enter Access Code.

I am standing in the driving rain – this is London in the summer – in front of a large electronically operated vehicle barrier that keeps the riff-raff from getting anywhere near the car park and loading bay behind the building where I am to be working this week.

The vertical stainless steel keypad into which I am pushing my access code is weather-resistant. I am not. You'd think they could have installed the keypad at car-window level but no, it's at lorry level. And it's not on the driver's side anyway, so anyone not rolling up in an unmodified US or continental import vehicle is forced to exit and walk over to the access terminal.

Access denied. Enter Access Code.

As far as it is concerned, I am riff-raff. I look behind me to see a steel-grey car has pulled up behind mine. Steel-grey = bland, unimaginative, company car, must be management. As I trudge back towards the street entrance around the corner to ask the security desk for an alternative access code, remembering this time to express an explicit preference for one that actually provides access, I notice the driver in the grey car has started to harrumph.

Security systems like this exist to protect me and my possessions, whether physical or electronic. They keep out the nasties and foil the mischievous. They allow access to the honest and prevent it to the unauthorised.

They are a pain in the arse.

Security is essential, of course, but only for other people. Not me. I'm the nice guy here and this sodding keypad is stopping me from getting in.

But then security authentication is one of those functions whose philosophical concept is hampered by self-contradictory details of its own design. To pick a topical example, it is the right of European Union citizens to enjoy free movement between EU countries without being stopped by border controls. However, how can the border controls know whether you are an EU citizen or not unless they stop you to ask for your EU identification? So it's only by presenting your passport or ID card that you can exercise your right not to have to present your passport or ID card.

The forces of law and order, from police to night club bouncers, face the same recursive logic. Why do they insist on frisking me? Why can't they concentrate their stop and search efforts only on those who are carrying concealed weapons?

As they say, there is a fine balancing act between adequate security and easy user experience. My cat has it easy: he was chipped at the rescue centre when we acquired him, and now he just wanders in and out of the house via a cat-flap that unlocks only when it detects his unique code.

The system also allows my cat to entertain himself by sitting indoors, looking though the clear plastic flap and waiting for other cats to come near. When they do, he leans forward so that the electronic detector unclicks the flap, daring the other cat to enter, then chuckles to himself as the potential intruder bashes its head on the door just as it locks itself again automatically.

Mind you, any electronic system has its failings. In the case of the cat-flap, it's the need to change the batteries. They always seem to run out at 3am on the morning that we're setting off on holiday and I end up having to race around the neighbourhood hunting for all-night petrol stations that can sell me eight AAs.

Batteries aside, what makes it so consistently reliable for my cat, and only my cat, to come and go without interference is partly the system's ease of use: his ID is surgically inserted in the scruff of his neck. This kind of tech isn't exclusive to feline operatives. Employees working in security-critical environments have been known to get chipped in the fleshy bit between thumb and forefinger, allowing them to open electronically locked doors by gesturing an Air Wank.

I did say "partly". The challenge with digital security systems is that they are fluid and programmable, therefore re-programmable or liable to interference by unwanted external forces. The only reason it works brilliantly for my cat is that the other cats in my neighbourhood don't have any programming skills. This isn't the case for humans. For us, whatever security system you roll out has to be protected by additional levels of alternative security, and so the ease-of-use aspect quickly evaporates.

One method that is slowly gaining momentum is ground-level invisibility. If you don't want social media giants to slurp and misuse your personal data, don't give them any to start with. For many of us, it's a bit late to wipe clean our muddy online footprints without expert help but, to mix a clothing metaphor, the sooner you zip up the better.

To my mind, like the first rule of Fight Club, anyone who blogs about IT security is stumbling at the first hurdle. It's another of those contradictions in data security culture that talking about security in public is likely to make yourself a target and therefore less secure, and you can't blame the rest of us for questioning your expertise and motives. It's a bit like horoscope writers who consistently fail to win the Lottery or get-rich-quick life coaches who still aren't rich enough to stop being a get-rich-quick life coach.

Returning to my car with the time-honoured advice "Try it again now" still ringing in my ears as rainwater dribbles down my neck, I see several more cars are queueing behind the grey one, waiting for mine to make way at the front. It is a harrumphing convention but nobody risks stepping out into the rain to assist. Righty, let's give it a go.

Access denied. Alarm On.

Ooh, that's a new one. Perhaps I'm getting somewhere. One more try?

Access denied. Commencing Lockdown.

A pair of amber lights illuminate and begin swirling dramatically through the driving rain. A rolling steel shutter shuts off the entrance with a metallic scream. It's like I'm inside a Ridley Scott movie.

Enter 2FA Code. Press ? For Help.

I oblige and spend the next 10 minutes reading instructions in a 13-character LCD strip above the keypad on how to register myself online as a new user at a website that requires me to override a security warning just to see it, only to discover that I must update Google Authenticator before being asked to point my phone's camera at the QR code that is now showing on my phone's display.

The rainstorm intensifies but, hey, look on the bright side: I can no longer hear the harrumphing. It is being drowned out by the honking of car horns.

Oh to be a cat.

Youtube Video

Alistair Dabbs
Alistair Dabbs is a freelance technology tart, juggling tech journalism, training and digital publishing. He would like to apologise to readers who may recently have lost a loved one in a freak car park barrier accident. He also apologises for failing to warn readers that this week's column features some strong language and flashing images. @alidabbs

Other stories you might like

  • Robotics and 5G to spur growth of SoC industry – report
    Big OEMs hogging production and COVID causing supply issues

    The system-on-chip (SoC) side of the semiconductor industry is poised for growth between now and 2026, when it's predicted to be worth $6.85 billion, according to an analyst's report. 

    Chances are good that there's an SoC-powered device within arm's reach of you: the tiny integrated circuits contain everything needed for a basic computer, leading to their proliferation in mobile, IoT and smart devices. 

    The report predicting the growth comes from advisory biz Technavio, which looked at a long list of companies in the SoC market. Vendors it analyzed include Apple, Broadcom, Intel, Nvidia, TSMC, Toshiba, and more. The company predicts that much of the growth between now and 2026 will stem primarily from robotics and 5G. 

    Continue reading
  • Deepfake attacks can easily trick live facial recognition systems online
    Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

    In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

    Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

    So-called "liveness tests" try to authenticate identities in real-time, relying on images or video streams from cameras like face recognition used to unlock mobile phones, for example. Nine out of ten vendors failed Sensity's live deepfake attacks.

    Continue reading
  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading

Biting the hand that feeds IT © 1998–2022