Google Tops List Of Companies Trying To Kill Passwords

HardOCP News

Real nice Google, what did the password ever do to you? Won't somebody please think about the passwords?

People don't put enough thought into passwords because it's a pain, but that creates security problems for the whole internet. Google, Microsoft and others in the FIDO Alliance want to replace passwords with fingerprint scanning and other techniques, and just unveiled 31 products from 16 companies that conform to the new standard.
 
Biometrics are uniquely linked to a single person. It makes it easier for Google to keep track of you regardless of what alias you adopt because each individual identity can be linked to the same set of fingerprints or DNA sample for the purposes of data mining under the guise of making access to your "free" services simpler. You go Google!
 
Let me get this straight, Google wants to replace passwords with products? Products can be seized by you know who, passwords can't... sorry, I don't recall the password, judge.
 
FIDO uses a public key encryption mechanism for authentication. It's true that if someone steals your card (or whatever the form factor is: USB, mobile phone, digital card, etc.) they will have full access.

I am fairly certain that there will be versions of the standard that allow pairing the digital device with a more "soft" passcode for a proper strong 2h notification to eliminate the risk of device theft.

Thus compromising either one will not be enough.
 
I have a better idea. How about we retrain admins to stop requiring retarded passwords no one can remember. Then train people how to create secure easy to remember passwords? You know, instead of pushing technology (biometrics) that isn't secure and is so easily broken it makes even bad passwords seem secure.
 
Fingerprint scanning? Has Google not seen the hands of the average builder, car mechanic, etc? What if you are a cook and manage to burn your thumb? Smudging the fingerprint. A plasterer with hands covered in glue? Is Google assuming everyone works in an office with perfectly manicured hands?

This seems more about tracking and stopping account sharing.
 
Passwords are such a minor security issue. Easy to guess passwords are only a problem if someone yanks the entire user database of a service, and then runs the encrypted hashes against a rainbow table. Common dictionary words can be found pretty quickly.


But that's the server's fault for getting hacked, not the user's. This is basically blaming the victim.

I agree with others here that there is an underlying scheme here to more accurately target a user's identity. Once OS as a service are here, this will be a great way to know everything a user is doing.
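The scenario in the post above (a stolen user table run against precomputed hashes), as an added example that is not part of the original thread: it compares an unsalted fast hash with a per-user salted PBKDF2 hash. A plain precomputed lookup table stands in for a rainbow table, and the wordlist, accounts and iteration count are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist and made-up accounts.
WORDLIST = ["password", "letmein", "dragon", "monkey", "sunshine"]
USERS = {"alice": "dragon", "bob": "sunshine", "carol": "x7#Qv!2mLr9$TzE4pWc8"}
ITERATIONS = 100_000  # assumed PBKDF2 work factor for this demo

def unsalted_hash(password):
    """Fast, unsalted digest: the same password always gives the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()

def build_table(words):
    """Precompute hash -> word once; reusable against any unsalted dump."""
    return {unsalted_hash(w): w for w in words}

def leak_salted(users):
    """Simulate a stolen table of (salt, hash) records."""
    out = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        out[user] = (salt, salted_hash(pw, salt))
    return out

def recovered_by_table(table, leaked):
    """Return the accounts whose stored hash appears in the precomputed table."""
    return {user: table[h] for user, h in leaked.items() if h in table}

def verify_login(record, attempt):
    """Normal login check against a salted record, constant-time compare."""
    salt, stored = record
    return hmac.compare_digest(stored, salted_hash(attempt, salt))

TABLE = build_table(WORDLIST)
UNSALTED_HITS = recovered_by_table(TABLE, {u: unsalted_hash(p) for u, p in USERS.items()})
SALTED_DUMP = leak_salted(USERS)
SALTED_HITS = recovered_by_table(TABLE, {u: h for u, (_, h) in SALTED_DUMP.items()})
print("unsalted dump:", UNSALTED_HITS, "| salted dump:", SALTED_HITS)
```

The salt removes the benefit of precomputation; dictionary words can still be guessed one account at a time, which is what the iteration count makes expensive.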
 
I'm so sick of the new password rules of 8 digits, caps and numbers. No one guesses passwords; the only time I ever lost an account is when a site gets hacked, or if it's my PayPal once a year even though I never use the damn thing.
 
I find the FIDO implementation rather poorly done by Google.

If you've deleted your cookies, etc., yes you have to insert your key. But if you sign out during a session and sign back in it does not ask for the key again. Absurd.
 
Biometrics are uniquely linked to a single person. It makes it easier for Google to keep track of you regardless of what alias you adopt because each individual identity can be linked to the same set of fingerprints or DNA sample for the purposes of data mining under the guise of making access to your "free" services simpler. You go Google!

The problem with biometrics is that when a server gets hacked and gets your fingerprint or eyeball print, they have everything about you. With a password they have until I change the password. I do have two eyeballs and 10 fingers, but that will get out of hand fast.

Passwords work, why change it? Oh yeah, easier for Google to track you.
 
This is also going to try and lock down accounts to one person. Look at how many people account share. Especially something like a Hulu or HBO streaming account. Fingerprint checks mean only the account payer can watch and no more lending the account to a friend in a different location\country.

Going to cause chaos in the average household too. Will everyone need to have their own separate streaming account?

And what happens when someone dies or goes into hospital?
 
Sounds like a plan to have an identity token for everywhere I go which can be used to summarize all my activity.
 
I'm so sick of the new password rules of 8 digits, caps and numbers. No one guesses passwords; the only time I ever lost an account is when a site gets hacked, or if it's my PayPal once a year even though I never use the damn thing.

Uh-huh. And this is why some of my online passwords have to be 20-something + characters long. Because they were hacked multiple times prior to that.

2 factor authentication is what we need, just not this stupid biometric type of thing.
 
Uh-huh. And this is why some of my online passwords have to be 20-something + characters long. Because they were hacked multiple times prior to that.

2 factor authentication is what we need, just not this stupid biometric type of thing.

Uh-huh. And most likely you'll use sms on your phone as the 2nd factor, and say you're on vacation somewhere with spotty reception and suddenly you're locked out of everything.

Also this offers ZERO improvement to the situation that the site you're trying to access gets hacked and all their user emails get leaked.

https://haveibeenpwned.com/
 
Uh-huh. And this is why some of my online passwords have to be 20-something + characters long. Because they were hacked multiple times prior to that.

2 factor authentication is what we need, just not this stupid biometric type of thing.

They were hacked 'cause they have cheap IT staff that doesn't bother with things like Heartbleed. That or they fired someone that happens to know everything about their security and then sold that info as compensation. Oh yeah, and Sony stored their passwords unencrypted.

So instead of fixing that, they put the blame on your passwords. So now it needs to be 8 characters long and contain upper and lower case letters with numbers and special characters. What's the point when anyone who tries to guess my password will be met with security questions about my favorite color or my first car.

Doesn't matter because when one website gets hacked and my stupid ass is using the same password for everything from Facebook to my bank account, I'm screwed. That's why I use multiple passwords just in case. Now imagine using biometrics, which is only one fingerprint for everything, and a website gets hacked. That's ok, I got 9 more fingers.
 
I only know one password now: My password to my LastPass database.

Everything else is 20+ character random characters.

And LastPass actually makes it easy for you to not have to worry about changing them when sites get compromised. Much easier to use than remembering minor variations on awkward passwords since too many people will try to retain something they already remember.

Use an encrypted password locker, allow it to generate unique, random passwords for every site and the problem ceases to exist.
 