Microsoft Says It’s Time to Kill Off the Password

Dekoth-E-

Supreme [H]ardness
Joined
Mar 23, 2010
Messages
7,599
How about no...A properly done password is easy to remember and infinitely more secure than any of these gimmick biometric security devices. How about instead we teach people how to create a proper password? Oh that's right..because corporations can't harvest as much data on you to sell with good password controls.
 

HockeyJon

[H]ard|Gawd
Joined
Dec 14, 2014
Messages
1,157
> Yes it is superior.... Until it doesn't work.
>
> It sux hard to get locked out of your precious because you scruffed your fingertips somewhere. And face recognition has been beaten time & again.
Yes, but the technology is still in its infancy. It will evolve like everything else, and ultimately it will be far better. How many times have we heard about a server being hacked and countless passwords leaked? If they can perfect biometric verification, it will be a far superior system.
 

RagingSamster

2[H]4U
Joined
Jun 6, 2003
Messages
2,901
Isn't this the same as requiring the end user to use an authentication that they *against their will* can be quickly and easily coerced to provide - rather than just saying "take a hike" they can use your body against you. Complex passwords and two factor authentication keep the individual far more secure.
 

Dekoth-E-

Supreme [H]ardness
Joined
Mar 23, 2010
Messages
7,599
> Yes, but the technology is still in its infancy. It will evolve like everything else, and ultimately it will be far better. How many times have we heard about a server being hacked and countless passwords leaked? If they can perfect biometric verification, it will be a far superior system.
Actually it isn't..Biometrics have been around for Decades..It is just the garbage they put on a cell phone in no way compares to biometric scanners that cost thousands or even tens of thousands of dollars. "It's in its infancy" isn't an excuse for everything and expecting the cheap crap implemented in a cell phone to ever compare to a real security system is laughable. It will NEVER be a superior system on a cell phone.
 

GandraZz

n00b
Joined
May 2, 2015
Messages
15
It's just ultimate data mining. They're gonna combine web and IRL data and track you everywhere with cameras. All this is already happening, but not combined in one package.

Who wouldn't want to know everything about a customer before he even entered the shop.
 

nutzo

Supreme [H]ardness
Joined
Feb 15, 2004
Messages
7,380
The only thing needed with passwords is to scrap the retarded corporate policy to change everything every 30-45 days. Even the guy that came up with the original recommendation has since said he regretted it as it has reduced the password strengths greatly.
Way to deal with passwords you need to change every 30 days.
Password1
Password2
Password3
etc.
You just need to remember the number, or use the month as the number.

Way to deal with long complicated passwords....
User writes it on a scrap of paper and tapes it to their keyboard or monitor.
 

HockeyJon

[H]ard|Gawd
Joined
Dec 14, 2014
Messages
1,157
> Actually it isn't..Biometrics have been around for Decades..It is just the garbage they put on a cell phone in no way compares to biometric scanners that cost thousands or even tens of thousands of dollars. "It's in its infancy" isn't an excuse for everything and expecting the cheap crap implemented in a cell phone to ever compare to a real security system is laughable. It will NEVER be a superior system on a cell phone.
Totally fair point.
 

Retronym

Something big is coming.
Joined
Mar 5, 2007
Messages
12,646
passphrases.
we just need longer character lengths.
 

RayderR6

Limp Gawd
Joined
Sep 14, 2008
Messages
295
> Who wants to give all that to Microsoft?
Exactly! This rush of user biometric bullshit has nothing to do with our security, it is merely a vessel to see how willing the sheep are at giving up personal information under the guise of user convenience and of course "the cool factor". Where all this data winds up is not for the sheep to know, but rest assured, it will be used against you at some point.
 

J-Will

[H]ard|Gawd
Joined
Jan 10, 2009
Messages
1,724
> My android phone does that. :) Finger and password capable. The problem with facial is that there is no heat detector device built in to distinguish if it's just not a picture. Plus they use cheap crap components that don't have enough point references.
That is actually biometrics OR password
 

arentol

2[H]4U
Joined
Jun 15, 2004
Messages
2,712
> My android phone does that. :) Finger and password capable. The problem with facial is that there is no heat detector device built in to distinguish if it's just not a picture. Plus they use cheap crap components that don't have enough point references.
Not "Either Or".... BOTH. It is called Multi-Factor Authentication. It is like when you have to use the Blizzard authenticator app AND a Password to access your Blizzard account. It makes it a lot more secure. So in this case it would be your face being scanned AND a password, or even just a short passcode.
 

arentol

2[H]4U
Joined
Jun 15, 2004
Messages
2,712
> Because then idiots will use Password1 and complain when they get "hacked". What's probably the worst I've seen for password requirements is a maximum length. Sure it can't be infinite, but I've seen places with max lengths of 12 characters. TWELVE! My car insurance company does that crap, so not only do I have to remember a password with symbols, numbers, capitals, in it... it can't be longer than 12 digits. Th1sIsMyCarInsuranceP@assword would be way better, and easy to remember but no.
>
> XKCD explained this ages ago, but few people seem to understand it https://xkcd.com/936/
XKCD's entropy math is wrong because it treats the characters as characters and stops there. You also have to consider how long it would take to break if you treat the words as words, and attack based on popularity of use in passwords.

A better approach is to use three random words + one nonsense word/number/symbol combination that you use in all your passwords (e.g. Fl4q$bn). This reduces it to 4 things to remember still, but one of them will never be in a dictionary list so someone doing a dictionary based passphrase attack will always fail.
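
Added example, not part of any post in this thread: a small estimator that scores a passphrase under both attacker models discussed above (guessing characters versus guessing whole words) and takes the cheaper one. It assumes words are picked uniformly at random from a 2048-word list and, generously, that the extra token is 7 random printable-ASCII characters; the function names and the `token_known` flag are hypothetical.

```python
import math

def char_model_bits(length, alphabet_size):
    """Bits if every character were drawn independently and uniformly."""
    return length * math.log2(alphabet_size)

def word_model_bits(n_words, wordlist_size):
    """Bits if the attacker guesses whole words from the same list."""
    return n_words * math.log2(wordlist_size)

def passphrase_bits(words, wordlist_size, token=None,
                    token_alphabet=94, token_known=False):
    """Effective strength is the minimum over attacker models.

    token        -- fixed string appended to every passphrase (assumption:
                    scored as random printable ASCII, an upper bound)
    token_known  -- True once the token has leaked from any one site;
                    a reused token then adds nothing to the word model
    """
    bits_words = word_model_bits(len(words), wordlist_size)
    bits_chars = char_model_bits(sum(len(w) for w in words), 26)
    if token:
        token_bits = char_model_bits(len(token), token_alphabet)
        bits_chars += token_bits
        if not token_known:
            bits_words += token_bits
    return min(bits_words, bits_chars)

if __name__ == "__main__":
    # Constructed sample inputs; the token string is the one quoted in the post.
    four = ["correct", "horse", "battery", "staple"]
    three = four[:3]
    print("4 random words:            %.1f bits" % passphrase_bits(four, 2048))
    print("3 words + secret token:    %.1f bits"
          % passphrase_bits(three, 2048, token="Fl4q$bn"))
    print("3 words + leaked token:    %.1f bits"
          % passphrase_bits(three, 2048, token="Fl4q$bn", token_known=True))
```

The word-level model is the binding one in every case here, and the last line shows the cost of reusing one token everywhere: once it is exposed in a single breach, only the three words remain.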
 

_l_

I Am A Cock
Joined
Nov 27, 2016
Messages
1,151
interesting how so few seem to be able to think outside the box but for those who can, rest assured you will be persecuted by the masses for having such a talent
 

King of Heroes

[H]ard|Gawd
Joined
Mar 26, 2008
Messages
2,006
> The main issue is that we have one set of biometric data each. Once that data is acquired by someone who should not have it, we are probably screwed. Multiple types and ways to obscure authentication could help, but in the end it seems like it could be a huge issue.
Wouldn't it be possible to "mix" the biometric data with some sort of randomness? Like how you salt a password hash? That would make each scan of the same face unique.
 

BloodyIron

2[H]4U
Joined
Jul 11, 2005
Messages
3,439
Sysadmins, like myself, are going to have a field day with this shit. Forced biometrics? Fuck off!
 