Google, Microsoft Push Websites to Go Password-Less

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
Microsoft and Google are pushing for a password-less login system called FIDO 2.0 that uses unique private keys generated by scanning a user’s fingerprint or face for access. An Android phone’s fingerprint sensor could be used to approve a purchase on PayPal, for instance.

Both Microsoft and Google have been pushing for FIDO 2.0's adoption. They're preparing to build the authentication technologies into their own internet browsers. On Monday, Microsoft said the next Windows 10 release would also support the standard too.
 
Pure Low Attention Span Investor service.

Even if it was practical. How much do you think I'd like to be locked out of my accounts because I accidentally got glue or paint on my fingers or injured them. Hell for about 3 wks my finger tips got dry this last winter and couldn't unlock my phone 90% of the time.
 
So their solution to passwords is to force the use of smartphones that have a high rate of being compromised by malware? No thanks. And I haven't always done the shower and shave thing when I access online accounts so facial recognition will probably have a high fail rate as well.

If they really wanted to improve online security, they would ban the use of email addresses as account names.
 
minority-report-2002-movie-tom-cruise-john-anderton-eye-surgery-spider-scene-probe-review.jpg
 
One way to create an international fingerprint and facial recognition database for governments. All for the key idea, just perhaps not using fingerprints and faces.
 
Dead Parrot said:
So their solution to passwords is to force the use of smartphones that have a high rate of being compromised by malware? No thanks. And I haven't always done the shower and shave thing when I access online accounts so facial recognition will probably have a high fail rate as well.

If they really wanted to improve online security, they would ban the use of email addresses as account names.
Click to expand...

With my insurance company you have to enter username, password, then click and drag an icon to unlock, not as easy to do with simple random password generation. Also if they implemented a three strikes type system it would thwart the automated attacks. Just simply make it if you enter three wrong passwords you have to wait an hour before you can try again, then it would take centuries to crack by simply using random generated passwords and waiting an hour after each triple failure.

With biometric it could easily be that you get a black eye and you can no longer log into your health care account, when you really need it (assuming facial recognition).
 
Cold day in hell.

Sooooo, instead of banking online, we will be driving back to the banks to do business.
Instead of buying from online stores, we are going to be filling the malls again.
Instead of managing our investments online, we will be back to visiting the investment houses to handle them.

Damn,....I need to get a commuter car!
 
Given how much personal data is being collected, I wouldn't be surprised if my computer just started asking me personal questions when I want to log in like what did I have for breakfast yesterday. I'm sure Alexa, Google Assistant, or Siri are listening in at all times...
 
Considering Equifax is still in business, why should I ever share my biometrics with anyone, if there's no recourse for breach?
 
And they don't even need your fingerprint, they just need the hash or whatever that gets generated from your fingerprint scanner. Then they can use that to generate these tokens and have silent access to all your accounts/data. Yea, that definitely sounds more secure than passwords.

And lets not forget that fingerprint unlocking is not protected with the same constitutional rights as a password. They can compel you to unlock with your fingerprint, but can't do the same with a password without a warrant. Fuck using biometrics as an authentication method. There is absolutely nothing good/secure about it.
 
Yes, yes, I can't wait for the day that, instead of taking me to an ATM so I can type my PIN and they run away with my money, they just take my card and rip my hands off instead.
 
Yeah...no.

I'd prefer SQRL (which W3C and Google have both shown interest in) become the password replacement.
 
alas.. sadly.. the masses will be looking at this and go.. WOW thats AWESOME. sign me up!!!

just like they let chrome/FF save every username/password for them

because its soo convenient
 
katanaD said:
alas.. sadly.. the masses will be looking at this and go.. WOW thats AWESOME. sign me up!!!

just like they let chrome/FF save every username/password for them

because its soo convenient
Click to expand...

The is the first thing I turn off in FF, just wish it was off by default.
 
You must log in or register to reply here.
Back
Top