End of the Line for Online Passwords?

CommanderFrank

CommanderFrank

Cat Can't Scratch It
Joined
May 9, 2000
Messages
75,399
According to David Marcus, President of Paypal, online passwords are on their way out and much sooner than you think. Biometrics and other technology will be the wave of the future with smartphone Apps and fingerprint scanners beginning to appear on phones as early as this year.

The fact is that the way we users typically deal with having multiple passwords for our online accounts makes us too vulnerable to spyware, phishing and identity theft.
Click to expand...
 
Agreed, next theyll wanna barcode us or inject computer chips in us to verify everything
 
Tgrove said:
Another +1 for big brother, bad in my eyes
Click to expand...

ssnyder28 said:
Agreed, next theyll wanna barcode us or inject computer chips in us to verify everything
Click to expand...

Actually, from a biometrics point of view, depending on the type of biometric, be it fingerprint, retinal, face, or whatever, it can be conceivable that from a government compulsion of giving up your password via a biometric would be more dangerous than compelling you to give them a memorized alphanumeric password.

As for barcoding or injecting chips into you, ymmv.
 
I'm more interested in the technology that will be used to circumvent these types of security procedures. Far more interesting.
 
Tgrove said:
Another +1 for big brother, bad in my eyes
Click to expand...
There's nothing which prohibits from working entirely on the client side. Given that, you would have absolutely nothing to fear.

Your phone may know your biometric data, but that doesn't mean everyone/the government/PayPal/Kyle Bennett would.
 
wonderfield said:
There's nothing which prohibits from working entirely on the client side. Given that, you would have absolutely nothing to fear.

Your phone may know your biometric data, but that doesn't mean everyone/the government/PayPal/Kyle Bennett would.
Click to expand...
The paranoid have absolutely everything to fear - that's kind of the idea.
 
Who said anything about being paranoid, we are consistently losing rights in this country, and that's a fact.
 
I'm sure that some crook will figure out that they can kill you and then cut off your finger and use it to drain your bank account.

Now that's convenience! :D
 
MajorDomo said:
According to David Marcus, President of Paypal, online passwords are on their way out and much sooner than you think. Biometrics and other technology will be the wave of the future with smartphone Apps and fingerprint scanners beginning to appear on phones as early as this year.
Click to expand...

David Marcus is an idiot. Biometrics are far less secure than a good password not to mention unreliable as hell. Sure they might replace passwords for the few idiots who are too dumb to remember theirs, but that is about it.
 
I'm only 24 but I'm glad I got to live life before the age of the Internet.
 
Tgrove said:
Who said anything about being paranoid, we are consistently losing rights in this country, and that's a fact.
Click to expand...
How does the use of biometrics for authorization on private websites diminish your rights?
 
Tgrove said:
Why would I ever need something like this?
Click to expand...

Didn't you read the earlier posts???

You need this because you are too dumb to remember your password(s). :p

In any case, what happens if you burn your finger or have an accident where you lose your finger(s)?

What then? You are totally screwed, that is what.
 
password_strength.png
 
DrDoug said:
I'm sure that some crook will figure out that they can kill you and then cut off your finger and use it to drain your bank account.

Now that's convenience!
Click to expand...

How ironic. One can still access their account after they're dead because of biometrics whereas a password would be gone when that user dies.


Posted from Hardforum.com App for Android
 
Perhaps a more relevant XKCD for this:



Biometrics isn't very secure if you're using the same biometrics for everything.
 
Cellphones don't even work in many parts of the USA, so this idea is dead in the water. Unless they are going to keep the old password system going for the people that live in areas without cellular service. Yes, I live in such an area. :)
 
Soralis said:
Biometrics isn't very secure if you're using the same biometrics for everything.
Click to expand...
That's why I own 20 cats and name them after the websites and programs I use.

Damn it. I'd go into more detail but Amazon and Newegg are going at it again.
 
More effective is two-factor authentication, two of the following
-Something you know (password)
-Something you have (smart card)
-Something you are (bio-metrics).

This way, passwords dont have to be 20 characters long, but it'd be harder for attackers to mimic. PCI requires this to access sensitive (ie Credit Card information) data. At work we have smart cards and put a personal pin. That way if someone steals our smart card they still dont have access, and if they somehow steal our password (say there's an idiot that saves it in an insecure location), they would still need our smart card to get access. Biometrics plus simple passwords would probably be the sufficient for most consumer use for a while.

Security is only as strong as the weakest link though, which often is just the unaware user. Even biometrics cant save people form being idiots when it comes to protecting access. Usually the easiest way is through social engineering and with back door access for "convience", Forgot your password? What high school did you go to (publicly available)? INSTANT ACCESS
 
When you finger print signature is compromised, good luck changing it .
 
cyclone3d said:
In any case, what happens if you burn your finger or have an accident where you lose your finger(s)?

What then? You are totally screwed, that is what.
Click to expand...

No, they will probably have the (Forgot Your Password) option but in a finger sense, like having backup of other finger's prints.

Also for all you people who think your rights are being lost when you use a finger print instead of a password, think of this idea: a password OF your fingers like: Pinky, Thumb, Ring Finger, other pinky... and so on...
Ding, your logged in!
 
caddys83 said:
Good, i hate typing passwords on a cell phone
Click to expand...

This SO MUCH.

I really hate typing them on my smartphone even though its one of the largest out their (Note 2).

I would gladly pay an extra $25-50 for a fingerprint reader.
 
Dekoth-E- said:
David Marcus is an idiot. Biometrics are far less secure than a good password not to mention unreliable as hell. Sure they might replace passwords for the few idiots who are too dumb to remember theirs, but that is about it.
Click to expand...

THe point being made is that the automated pasword cracking systems are reaching epic levels of sophistication. So much so that the entire idea of passwords might have to be thrown out.
 
A laptop I have at work has a fingerprint scanner. It's easier to just type in my password.

Also, fingerprints have been compromised years ago. People have already shown that you can create fake fingers from the print off a glass. They're called "gummys". Have fun wiping down everything you touch.
 
rudy said:
When you finger print signature is compromised, good luck changing it .
Click to expand...

Yeah, that's the problem. Once compromised, you're hosed everywhere.

The other problem is I see that its been long enough everyone forgot the Mythbusters episode where they lifted a fingerprint and fooled biometric scanners.
https://www.youtube.com/watch?v=3Hji3kp_i9k

And then there's always forcibly taking your finger from you. Fillet the skin off the end of it and put it over your finger and you have what mythbusters did in a matter of seconds.
 
its a way to tie our physical body with the value of information we have online.

like others have mentioned, people will wake up with fingers missing
people found dead
people mutilated for information..
 
You are going to see Biometrics + Passwords coexist for some time. "Something you have" plus "Something you know" is FAR more powerful a security then either alone.
 
The stuff needs to be combined with passwords or at least a voice-catchpa, because it's not just in fiction that peoples fingers get cut.
 
If you take that further, that even any two combined is still largely easy to compromise in the long run, an easy conclusion is to take authentication out of the hands of the end user. No passwords, no smart cards, and no specific biometrics used every time. Just an infrastructure itself determines user access. A network where, no matter who you are from the CEO to the angsty teeanager looking to buy condoms without his parents knowing, none of them ultimately have any power on attaining network access. The network itself determines the variables through an AI that has learned how to do so on its own and therefore makes judgements for access based on anything from user habits, to vital signs, to the sound of the vehicle that pulled into the garage five minues prior. A self-managed worldwide network infrastructure that has a compexity completely unknown to its creators.

Such a future would dramatically change how we, as a species, interact with the world in terms of technology. It would be a world where, ultimately, no human has any control over what is essentially their own life. It's more a thought experiment than anything but it certainly would be the plot for a dark and dystopic future, especially if it was ever cracked. For, in the pursuit of killing identity theft, it would create a situation where successful theft would be a single access point to the entirety of their lives that would be incredibly difficult to track down or prove due to the inherent nature of the concept. And one thing is absolutely true and that is the human desire to crack any code and to find the breaking point of any system.
 
I use a fingerprint for my laptop and like it. A lot faster than typing in a password.
 
Geef said:
No, they will probably have the (Forgot Your Password) option but in a finger sense, like having backup of other finger's prints.

Also for all you people who think your rights are being lost when you use a finger print instead of a password, think of this idea: a password OF your fingers like: Pinky, Thumb, Ring Finger, other pinky... and so on...
Ding, your logged in!
Click to expand...

I know what combo I'd use for the IRS.

Middle finger, middle finger, middle finger...;)
 
Spire3660 said:
THe point being made is that the automated pasword cracking systems are reaching epic levels of sophistication. So much so that the entire idea of passwords might have to be thrown out.
Click to expand...

Except that is completely untrue. Now I would buy the argument that current Password Rules may need to be thrown out and reworked, but the password can and always will be far more secure if done right. The problem is most people think Qwerty12@ is a good password, when in reality it is utter shit.
 
Breath_of_the_Dying said:
More effective is two-factor authentication, two of the following
-Something you know (password)
-Something you have (smart card)
-Something you are (bio-metrics).
Click to expand...

"Something you have" and "Something you are" are the same factor when dealing with remote authentication. It is a distinction without a difference. So really you only have 2 possible factors to challenge something known and something possessed.

The problem is "Something you are" is a weaker subset of "Something you have" because you can't revoke and reissue "Something you are" when it becomes compromised.

gamerk2 said:
You are going to see Biometrics + Passwords coexist for some time. "Something you have" plus "Something you know" is FAR more powerful a security then either alone.
Click to expand...

Biometrics is a weaker form of "Something you have", than a smartcard (or other security token).
 
You must log in or register to reply here.
Back
Top