The key to the easiest way of breaking into a system is, IMO, always going to be social engineering.
And when the author of the article started talking about a multiple check system based on multiple levels of personal data I just rolled my eyes and stopped reading.
What he says the problem is: Passwords are not a viable security measure
Yet most of the detailed hacks he mentions were via someone gathering personal data and using "social engineering" to obtain the password.
Personal data questions are silly. Questions that any family or friend would know the answers to. Hackers would know what sites ask what questions. So now someone just needs to gather the info and Facebook is nice enough to give a head start by providing a list of family and friends to query.
And after all, how does this personal data unlock your online account?
1) By typing it in - susceptible to all the same hacking as passwords, such as key loggers or mirror websites
2) Storing the answers on servers - susceptible to all the same hacking as passwords
The use of personal data is susceptible to all the same things a password is, but then it's also susceptible to "social engineering".
I can't see how personal data is more secure than a password.
I do agree that the more you must provide, the more secure the system will be. However, I'd opt for secure ID and other additional access verification methods over "hard coded" questions and answers that are easily gathered and repeated.
A truly secure system is one that is not connected to anything else at all. If it is connected, then there is a way in and that way is going to be compromised by users and the admins who run it, who are lazy.
Like how I secure my....
Sorry, I'm not going to tell people on a public website how I secure things other than one suggestion: When asked personal questions such as mother's maiden name or favorite ice cream flavor, give a suitable random password or an unrelated phrase. If you have a poor memory, write this down and lock it in a safe where someone has to physically go to your home and get into your safe to get it.
Brute force hacking is an archaic method only viable on simplistic systems. It would be hard to gain access even with just a list of the 100 most common passwords. Most sites will lock the account after a certain number of failed attempts to gain access. Make sure financial and other accounts you think are important do such, then get familiar with the method they use for unlocking the account and make sure someone can't easily gain access this way.
Don't log in from any system that you have any doubts about being safe from key logging or other bad software. Don't log in at locations that may not be secure. Do you know how many public places provide internet video feeds? Perhaps that train station you're at or the restaurant you're in is providing a video feed of you logging in.
======================
Regarding higher TL and Traveller.
Practically every web site needs a log in nowadays. Want to add a comment after a news article, forums like this or about your car or sports or other interests and you need to log in. I don't worry too much about someone hacking these. These types are extremely prevalent, and also designed to be extremely convenient and easy to access. To me, the same goes for social sites like Facebook and even email systems. The security for these sites should not reflect the ability or lack thereof to secure things at our TL but instead may be more related to our social level and desire to interact with everything from anywhere.
Overall, as TL goes up there is no reason the level of security will go up if people are more concerned with ease of access. Even with old tech methods you could implement security for a ship's locker with both a traditional keyed lock and also a second lock with a combination. Heck, add a second set of locks and the requirement that two crew be present. High tech materials should make it hard to physically break in. Next, the keys are locked in a small high tech case only opened by proper thumbprint, eye scan and voice command.
The point is that, like the article did say, there is a compromise between ease of access and security.
For me, I believe that with an increase in TL, the security level of devices does increase. I could postulate a brain wave scanning device that verifies a user. How about something that is swallowed and provides an encrypted transmission based on the bio signature of the host and a complicated secure-ID-like algorithm? Who knows what futuristic security measures are possible. I would leave such to individual GMs to decide on their own.
Nothing is completely secure. Off the top of my head a game mechanism might be something like
TL / AAC = UA
TL = Tech level
AAC = Authorized Access Convenience. A low number being something made very easy for users to access and a high number representing something that is more complicated.
UA = Unauthorized Access. A high number being harder.
A higher UA could be represented by time, expertise, cost, availability (access to proper tools), risk and perhaps other things I'm not currently thinking of.