The Limits of TPM
Already over 20 million PCs worldwide are equipped with a tiny security chip called the Trusted Platform Module, although it is as yet rarely activated. But once merchants and other online services begin to use it, the TPM will do something never before seen on the Internet: provide virtually fool-proof verification that you are who you say you are.
Source: MSNBC
Wrong. It will prove that your machine is your machine.
Here’s a scenario:
Young person in a coffee shop with a laptop browsing the Web. They get up for a second – then (enter bad-guy), snatch and run. Now “bad-guy or gal” doesn’t need a password to login to your bank account online. Or savings, or Amazon account, etc.
That could be the not-so-distant future for two basic reasons.
1. People don’t use security.
2. Snatch and run is effective in any century.
Not to mention the privacy concerns. I have opened up a can of worms, feel free to add and take.
One thought on “The Limits of TPM”
Making sure your machine is your machine is important, but it must not be the only step in authorization. You must also authenticate the individual. If I’m a company with a VPN, I’d sure like to make sure that only my company’s laptops are attempting to connect to the VPN server—TPM is valuable for that. Once that’s done, I better authenticate the user too.
Comments are closed.