Google, Microsoft Push Websites to Go Password-Less

Discussion in 'HardForum Tech News' started by Megalith, Apr 22, 2018.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    13,004
    Joined:
    Aug 20, 2006
    Microsoft and Google are pushing for a password-less login system called FIDO 2.0 that uses unique private keys generated by scanning a user’s fingerprint or face for access. An Android phone’s fingerprint sensor could be used to approve a purchase on PayPal, for instance.

    Both Microsoft and Google have been pushing for FIDO 2.0's adoption. They're preparing to build the authentication technologies into their own internet browsers. On Monday, Microsoft said the next Windows 10 release would also support the standard too.
     
  2. YARDofSTUF

    YARDofSTUF [H]ard|Gawd

    Messages:
    1,469
    Joined:
    Jun 19, 2001
    I really hope stuff like this doesn't force me to get a smart phone.
     
    ElementDave, WhoMe, Armenius and 7 others like this.
  3. SvenBent

    SvenBent 2[H]4U

    Messages:
    3,141
    Joined:
    Sep 13, 2008
    So when they leak the data base of fingerprints and face so somebody can use them to login. How do we change them again?
     
    WhoMe, katanaD, Armenius and 9 others like this.
  4. 1_rick

    1_rick Gawd

    Messages:
    594
    Joined:
    Feb 7, 2017
    Yeah. Biometric identification? No thanks.
     
    Armenius, Chupachup, BSmith and 9 others like this.
  5. gtrguy

    gtrguy Limp Gawd

    Messages:
    146
    Joined:
    Oct 8, 2009
    Nope, fuck this.
     
    Armenius, Chupachup, BSmith and 8 others like this.
  6. Jagger100

    Jagger100 [H]ardness Supreme

    Messages:
    7,503
    Joined:
    Oct 31, 2004
    Pure Low Attention Span Investor service.

    Even if it was practical. How much do you think I'd like to be locked out of my accounts because I accidentally got glue or paint on my fingers or injured them. Hell for about 3 wks my finger tips got dry this last winter and couldn't unlock my phone 90% of the time.
     
  7. Nenu

    Nenu [H]ardened

    Messages:
    18,961
    Joined:
    Apr 28, 2007
    You can be sure if MS is pushing for something like this, its bad for us.
     
    clockdogg, Travolta, Armenius and 3 others like this.
  8. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,980
    Joined:
    Nov 1, 2012
    This has nothing to do with passwordless operation, it's about biometric identification of users. Pure data harvesting and marketing purposes.
     
    clockdogg and mynamehere like this.
  9. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,551
    Joined:
    Mar 4, 2013
    So their solution to passwords is to force the use of smartphones that have a high rate of being compromised by malware? No thanks. And I haven't always done the shower and shave thing when I access online accounts so facial recognition will probably have a high fail rate as well.

    If they really wanted to improve online security, they would ban the use of email addresses as account names.
     
    Armenius and mynamehere like this.
  10. Term-X

    Term-X 2[H]4U

    Messages:
    2,409
    Joined:
    Apr 21, 2001
    Multi-factor or bust.
     
    clockdogg, Armenius and Chupachup like this.
  11. gxp500

    gxp500 Gawd

    Messages:
    865
    Joined:
    Mar 4, 2015
    I'm sure some 3 lettered agencies are pushing for this, passwords you can "forget", biometric data you can't and can be easily compelled to give up.
     
    Travolta, Armenius and mynamehere like this.
  12. Gottfried Leibnizzle

    Gottfried Leibnizzle Limp Gawd

    Messages:
    253
    Joined:
    Apr 29, 2015
  13. Anarchist4000

    Anarchist4000 [H]ard|Gawd

    Messages:
    1,659
    Joined:
    Jun 10, 2001
    One way to create an international fingerprint and facial recognition database for governments. All for the key idea, just perhaps not using fingerprints and faces.
     
    mynamehere likes this.
  14. Patton187

    Patton187 Gawd

    Messages:
    668
    Joined:
    Feb 12, 2012
    We grow closer to a dystopian hell each day. EMP blast the whole thing I say.
     
    Tekara, clockdogg, Travolta and 2 others like this.
  15. cdr_74_premium

    cdr_74_premium [H]ard|Gawd

    Messages:
    1,579
    Joined:
    Oct 20, 2010
    At first it was a convenience, now it's flat out mandatory. You just don't have an username anymore.
     
  16. jedijeb13

    jedijeb13 Limp Gawd

    Messages:
    302
    Joined:
    Feb 15, 2017
    With my insurance company you have to enter username, password, then click and drag an icon to unlock, not as easy to do with simple random password generation. Also if they implemented a three strikes type system it would thwart the automated attacks. Just simply make it if you enter three wrong passwords you have to wait an hour before you can try again, then it would take centuries to crack by simply using random generated passwords and waiting an hour after each triple failure.

    With biometric it could easily be that you get a black eye and you can no longer log into your health care account, when you really need it (assuming facial recognition).
     
    Armenius and mynamehere like this.
  17. amddragonpc

    amddragonpc [H]ard|Gawd

    Messages:
    1,996
    Joined:
    Sep 20, 2012
    Screw that! This is biometric data collection plain and simple.
     
    Travolta, Armenius, Chupachup and 2 others like this.
  18. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,980
    Joined:
    Nov 1, 2012
    I have multiple 'burner' e-mail accounts that I use for sites that require e-mail addresses. That's about the only thing the free online e-mails are good for.
     
    Armenius and Chupachup like this.
  19. BSmith

    BSmith [H]ard|Gawd

    Messages:
    1,323
    Joined:
    Nov 9, 2017
    Cold day in hell.

    Sooooo, instead of banking online, we will be driving back to the banks to do business.
    Instead of buying from online stores, we are going to be filling the malls again.
    Instead of managing our investments online, we will be back to visiting the investment houses to handle them.

    Damn,....I need to get a commuter car!
     
    clockdogg and Armenius like this.
  20. jcollett69

    jcollett69 Limp Gawd

    Messages:
    139
    Joined:
    Jan 5, 2016
    Given how much personal data is being collected, I wouldn't be surprised if my computer just started asking me personal questions when I want to log in like what did I have for breakfast yesterday. I'm sure Alexa, Google Assistant, or Siri are listening in at all times...
     
  21. darckhart

    darckhart Limp Gawd

    Messages:
    237
    Joined:
    Jun 15, 2013
    "ERROR. Your username or FACE is incorrect. Please try again."
     
  22. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,440
    Joined:
    Jul 11, 2005
    Considering Equifax is still in business, why should I ever share my biometrics with anyone, if there's no recourse for breach?
     
    clockdogg likes this.
  23. Biznatch

    Biznatch 2[H]4U

    Messages:
    2,224
    Joined:
    Nov 16, 2009
    And they don't even need your fingerprint, they just need the hash or whatever that gets generated from your fingerprint scanner. Then they can use that to generate these tokens and have silent access to all your accounts/data. Yea, that definitely sounds more secure than passwords.

    And lets not forget that fingerprint unlocking is not protected with the same constitutional rights as a password. They can compel you to unlock with your fingerprint, but can't do the same with a password without a warrant. Fuck using biometrics as an authentication method. There is absolutely nothing good/secure about it.
     
  24. cdr_74_premium

    cdr_74_premium [H]ard|Gawd

    Messages:
    1,579
    Joined:
    Oct 20, 2010
    Yes, yes, I can't wait for the day that, instead of taking me to an ATM so I can type my PIN and they run away with my money, they just take my card and rip my hands off instead.
     
  25. Vermillion

    Vermillion [H]ardness Supreme

    Messages:
    4,112
    Joined:
    Apr 5, 2007
    Yeah...no.

    I'd prefer SQRL (which W3C and Google have both shown interest in) become the password replacement.
     
  26. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,987
    Joined:
    Nov 15, 2016
    alas.. sadly.. the masses will be looking at this and go.. WOW thats AWESOME. sign me up!!!

    just like they let chrome/FF save every username/password for them

    because its soo convenient
     
  27. jedijeb13

    jedijeb13 Limp Gawd

    Messages:
    302
    Joined:
    Feb 15, 2017
    The is the first thing I turn off in FF, just wish it was off by default.