Microsoft Says It’s Time to Kill Off the Password

How about no... A properly done password is easy to remember and infinitely more secure than any of these gimmick biometric security devices. How about instead we teach people how to create a proper password? Oh that's right... because corporations can't harvest as much data on you to sell with good password controls.
 
Yes it is superior.... Until it doesn't work.

It sux hard to get locked out of your precious because you scruffed your fingertips somewhere. And face recognition has been beaten time & again.

Yes, but the technology is still in its infancy. It will evolve like everything else, and ultimately it will be far better. How many times have we heard about a server being hacked and countless passwords leaked? If they can perfect biometric verification, it will be a far superior system.
 
Isn't this the same as requiring the end user to use an authentication that they *against their will* can be quickly and easily coerced to provide - rather than just saying "take a hike" they can use your body against you. Complex passwords and two-factor authentication keep the individual far more secure.
 
Yes, but the technology is still in its infancy. It will evolve like everything else, and ultimately it will be far better. How many times have we heard about a server being hacked and countless passwords leaked? If they can perfect biometric verification, it will be a far superior system.

Actually it isn't. Biometrics have been around for decades. It is just the garbage they put on a cell phone in no way compares to biometric scanners that cost thousands or even tens of thousands of dollars. "It's in its infancy" isn't an excuse for everything and expecting the cheap crap implemented in a cell phone to ever compare to a real security system is laughable. It will NEVER be a superior system on a cell phone.
 
It's just ultimate data mining. They're gonna combine web and IRL data and track you everywhere with cameras. All this is already happening, but not combined in one package.

Who wouldn't want to know everything about a customer before he even entered the shop.
 
The only thing needed with passwords is to scrap the retarded corporate policy to change everything every 30-45 days. Even the guy that came up with the original recommendation has since said he regretted it as it has reduced the password strengths greatly.

Way to deal with passwords you need to change every 30 days.
Password1
Password2
Password3
etc.
You just need to remember the number, or use the month as the number.

Way to deal with long complicated passwords....
User writes it on a scrap of paper and tapes it to their keyboard or monitor.
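
The Password1/Password2/Password3 pattern described above can be caught at change time, when the change form holds both the current and the new password in clear text. The check below is an added example, not part of the original thread; the function names and the threshold of 3 edits are assumptions chosen for illustration.

```python
import re

# Trailing run of digits/symbols: the "3" in "Password3", the "2024!" in "Summer2024!".
TRAILING_COUNTER = re.compile(r"[\d\W_]+$")


def stem(password: str) -> str:
    """Case-fold the password and drop its trailing counter/symbol run."""
    return TRAILING_COUNTER.sub("", password.casefold())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def rotation_verdict(old: str, new: str, min_distance: int = 3) -> str:
    """Classify a password change. Needs both plaintexts, so it can only run
    inside the change request itself, never against stored hashes."""
    if new == old:
        return "reused"
    if stem(old) and stem(old) == stem(new):
        return "counter-bump"        # same base word, only the suffix moved
    if edit_distance(old.casefold(), new.casefold()) < min_distance:
        return "near-duplicate"      # a character or two swapped mid-string
    return "ok"


# Constructed sample pairs (old, new); none are real credentials.
SAMPLES = [
    ("Password1", "Password2"),
    ("Summer2024!", "Summer2025!"),
    ("correct horse", "correct house"),
    ("Password1", "maple-anchor-velvet-7"),
]

if __name__ == "__main__":
    for old, new in SAMPLES:
        print(f"{old!r} -> {new!r}: {rotation_verdict(old, new)}")
```
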
 
Actually it isn't. Biometrics have been around for decades. It is just the garbage they put on a cell phone in no way compares to biometric scanners that cost thousands or even tens of thousands of dollars. "It's in its infancy" isn't an excuse for everything and expecting the cheap crap implemented in a cell phone to ever compare to a real security system is laughable. It will NEVER be a superior system on a cell phone.

Totally fair point.
 
Who wants to give all that to Microsoft?

Exactly! This rush of user biometric bullshit has nothing to do with our security, it is merely a vessel to see how willing the sheep are at giving up personal information under the guise of user convenience and of course "the cool factor". Where all this data winds up is not for the sheep to know, but rest assured, it will be used against you at some point.
 
My android phone does that. :) Finger and password capable. The problem with facial is that there is no heat detector device built in to distinguish if it's just not a picture. Plus they use cheap crap components that don't have enough point references.

That is actually biometrics OR password
 
My android phone does that. :) Finger and password capable. The problem with facial is that there is no heat detector device built in to distinguish if it's just not a picture. Plus they use cheap crap components that don't have enough point references.

Not "Either Or".... BOTH. It is called Multi-Factor Authentication. It is like when you have to use the Blizzard authenticator app AND a Password to access your Blizzard account. It makes it a lot more secure. So in this case it would be your face being scanned AND a password, or even just a short passcode.
 
Because then idiots will use Password1 and complain when they get "hacked". What's probably the worst I've seen for password requirements is a maximum length. Sure it can't be infinite, but I've seen places with max lengths of 12 characters. TWELVE! My car insurance company does that crap, so not only do I have to remember a password with symbols, numbers, capitals, in it... it can't be longer than 12 digits. Th1sIsMyCarInsuranceP@assword would be way better, and easy to remember but no.

XKCD explained this ages ago, but few people seem to understand it https://xkcd.com/936/

XKCD's entropy math is wrong because it treats the characters as characters and stops there. You also have to consider how long it would take to break if you treat the words as words, and attack based on popularity of use in passwords.

A better approach is to use three random words + one nonsense word/number/symbol combination that you use in all your passwords (e.g. Fl4q$bn). This reduces it to 4 things to remember still, but one of them will never be in a dictionary list so someone doing a dictionary based passphrase attack will always fail.
 
Interesting how so few seem to be able to think outside the box, but for those who can, rest assured you will be persecuted by the masses for having such a talent.
 
The main issue is that we have one set of biometric data each. Once that data is acquired by someone who should not have it, we are probably screwed. Multiple types and ways to obscure authentication could help, but in the end it seems like it could be a huge issue.

Wouldn't it be possible to "mix" the biometric data with some sort of randomness? Like how you salt a password hash? That would make each scan of the same face unique.
 
Sysadmins, like myself, are going to have a field day with this shit. Forced biometrics? Fuck off!
 