DailyDirt: Passwords Suck, But What's Better?
from the urls-we-dig-up dept
Every service wants you to create a username and password... and it all begins to pile up after a while. Users try to make things easier for themselves by re-using passwords, but you're really not supposed to do that. What are you supposed to do? Well, password management software exists, but only the truly paranoid folks spend the time to figure out which one of those is the one that works best for particular use cases and then actually set it up. (And then shit happens anyway.) Some companies are trying to figure out other solutions -- here are a few of them.- Apple has its fingerprint sensor, but a 4-digit PIN will be replaced by a 6-digit PIN soon. Yippee! It's not much of an improvement, but a brute force attack will take a bit longer for the bad guys. [url]
- Would you want to replace a password with a brainwave measurement? Electroencephalograms (EEGs) could verify your 'pass-thoughts' for allowing access to a secure system. Maybe it'll be harder to forget your 'pass-thoughts' or maybe it won't? Or someone might say, "Don't think about your password!" and run off with your EEG waves before you stop yourself from thinking... [url]
- Google is working on a way to identify users from their usage patterns -- how different people type or swipe or interact. It's supposedly "up to" 10x better than other methods, but what happens if you hurt your wrist or something? [url]
- Paypal is suggesting an 'ingestible' (embeddable or injectable) device to serve as a person identification dongle. Implanted devices better be painless to inject and remove! Is it safe? [url]
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: authentication, biometrics, brainwaves, brute force attacks, dongles, eeg, ingestibles, pass-thoughts, passwords, pin, security
Companies: apple, google, paypal
Reader Comments
The First Word
“This is just my opinion
But I wish people would stop thinking of biometrics as a replacement for passwords. Think of them as a replacement for your username, but not as a replacement for a password.Subscribe: RSS
View by: Time | Thread
This is just my opinion
[ link to this | view in chronology ]
Re: This is just my opinion
[ link to this | view in chronology ]
Re: This is just my opinion
It sure sounds like it might be more like personal recognition, but what if the identifying engine is only looking at a file, that might include some code to fudge a body temperature at the same time?
To that extent, with SSN's and other data becoming so public, even with my passport and state issued photo drivers license, just how does one prove they are who they say they are?
[ link to this | view in chronology ]
Re: This is just my opinion
[ link to this | view in chronology ]
Re: This is just my opinion
We feel strongly about the biometric we use because it has no law enforcement value and would be extremely hard to forge because the biometric is the vein pattern of a finger tip. The pattern is different finger to finger so you can use one finger for work and another for personal. Cutting off someone's finger will not work as blood must be coursing through the veins. We even read blood pressure and oxygen content letting our employees know if they may need to see a doctor.
The point is that to eliminate fraud and to protect certain assets I need to be sure you are who you say you are and finger-vein technology is one of the best biometric passwords you can use. So I totally disagree with you and I say you are very wrong!!!!!!
[ link to this | view in chronology ]
Big changes in typing patterns...
I sort the passwords into the really valuable ones and the lesser valued ones, memorize just a few, and keep the rest in my little black book.
[ link to this | view in chronology ]
PayPal
Then after 10 or 15 years of watching their behavior I might think about the possibility of considering ingesting something they might suggest assuming FDA approval and 20 years of other people using it without ill effect.
So, not in my lifetime.
[ link to this | view in chronology ]
Re: PayPal
It's a similar issue with biometrics - if your finger is the key to your stuff, crooks won't hesitate to lopp it off to get the goodies.
[ link to this | view in chronology ]
Re: Re: PayPal
[ link to this | view in chronology ]
Re: PayPal
What? Making it so easy to pay for stuff and send money around that they've become the default payment system for the Internet? Having a tech support system where it's easy to reach a real human being? Running a mature, stable platform that's been around since the 90s, so you can be confident it will still be there tomorrow?
Why would that track record make you want to not have anything to do with them?
[ link to this | view in chronology ]
Re: Re: PayPal
[ link to this | view in chronology ]
Re: Re: Re: PayPal
A few times I've heard innuendos about how "everyone knows" that PayPal is evil and loves to screw its customers over. It's a lot of the same stuff you hear about Google, except with even less in the way of actual examples of customers getting screwed over.
All I know personally is, I've been using PayPal pretty much forever and never once had a bad experience with their service.
[ link to this | view in chronology ]
Re: Re: Re: Re: PayPal
Not Paywalled
[ link to this | view in chronology ]
Re: Re: Re: Re: PayPal
https://www.techdirt.com/blog/?company=paypal
[ link to this | view in chronology ]
http://sqrl.pl/guide/
and this link is Gibson's explanation which is fairly information dense.
https://www.grc.com/sqrl/sqrl.htm
[ link to this | view in chronology ]
Re:
NO.
[ link to this | view in chronology ]
Re: Re:
I'm not seeing where they say this on the link above, nor on the link posted below...
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Keypairs
[ link to this | view in chronology ]
I'm with Phil
We use asymetric crypto for 2FA, but apparently not for one-factor authentication. Damned if I can work out why.
[ link to this | view in chronology ]
SQRL
Its so easy, it looks like it shouldn't work. But is does.
[ link to this | view in chronology ]
Well, there is convenience, but such a device needs be universal.
Only something entirely in the user's memory can't be stolen.
Also, from a legal perspective, the courts could order the surrender of such a device, they can't compel you to testify your password.
But let's say we did have some universal biometric, such as a finger print reader, then governments could demand it as standard equipment and then know who you are with reasonable certainty all the time. You could be blocked from all internet connected devices. tracked.
[ link to this | view in chronology ]
Re:
Not all forms are easily duplicated, but the vast majority are. The bigger problem, though, is this: If your physical identity is stolen, there's no way for you to change your "credentials". You're simply screwed.
[ link to this | view in chronology ]
No way!
[ link to this | view in chronology ]