“It’s difficult to make predictions. Especially about the future,” Yogi Berra famously stated. While this may be true for general predictions, I don’t believe it’s true for Internet security predictions.
By training, I am a cryptographer. In the late ’90s, I realized that Internet security wasn’t really about cryptography or even how protocols were implemented. Instead, it was about people and their actions. I believed criminals would start circumventing Internet security measures — authentication, in particular — by tricking people, using techniques we now refer to as “phishing.” However, no one else at that time seemed to believe that this type of deception would ever be successful.