Moving Beyond Passwords For Security
Naturalist writes with an excerpt from a New York Times story about the need for a more secure method for identification than the password-based system almost everyone currently uses. The article also discusses the weaknesses of the OpenID initiative to simplify the process.
"The solution urged by the experts is to abandon passwords -- and to move to a fundamentally different model, one in which humans play little or no part in logging on. Instead, machines have a cryptographically encoded conversation to establish both parties' authenticity, using digital keys that we, as users, have no need to see. ...OpenID offers, at best, a little convenience, and ignores the security vulnerability inherent in the process of typing a password into someone else's Web site. Nevertheless, every few months another brand-name company announces that it has become the newest OpenID signatory."
the real solution! (Score:1, Funny)
always post as an Anonymous Coward!
Re:Yes, we know. (Score:5, Funny)
Speaking of passwords (Score:2, Funny)
I like that Slashdot hides your password if you accidentally type it into a comment.
Look: **********
Re:Speaking of passwords (Score:5, Funny)
Surely that can't work... if it hides your ******** whenever you type it, then it would make it really obvious what your ******** is if it's a standard dictionary word when you use it in a sentence. I don't think it masks ********s at all.
Re:Speaking of passwords (Score:2, Funny)
did it work?
totally safe authentication method! (Score:5, Funny)
Beverly Crusher: Computer, Commander Beverly Crusher. Confirm auto-destruct sequence, authorization Crusher-two-two-beta-Charlie.
Worf: Computer, Lieutenant Commander Worf. Confirm auto-destruct sequence. Authorization Worf-three-seven-gamma-echo.
Computer: Command authorization accepted. Awaiting final code to begin auto-destruct sequence.
It's not that hard (Score:5, Funny)
I have trouble keeping track of all my usernames and passwords like everyone else
so I put it in passwords.txt in my shared eMule folder, so I can access it anywhere in the world ;-)
smart, huh?
Re:the real solution! (Score:4, Funny)
We already tried that. It's called 4chan.
It did not work that well though...
Re:something you have? (Score:5, Funny)
You can't prove you have the "something you have" as in reality anything can be copied and thus you might just have a copy. Most of the token "things" are really a case of "something (something you have) knows" which isn't much better than "something you know".
Right?
Right. Moreover, given a good hacksaw, biometrics can easily move from "something you are" to "something I have."
Re:Speaking of passwords (Score:1, Funny)
you can go hunter2 my hunter2-ing hunter2
Re:totally safe authentication method! (Score:3, Funny)
Sheridan: This is Captain John J. Sheridan. Serial number XO7Y39-Alpha. Security code: obsidian.
Ivanova: This is Commander Susan Ivanova. Serial number Z48M27-Epsilon. Security code: griffin.
Michael Garibaldi: This is Chief Warrant Officer Michael Garibaldi. Serial number V17L98. Security code: peekaboo.
. . .
Ivanova: Peekaboo?
Garibaldi: Would you have guessed it?
(linky [wikiquote.org])
I have you beat (Score:3, Funny)
Re:Yes, we know. (Score:1, Funny)
Pwah! Not my passwords! Not a single one in my INBOX. They're all safely squirrelled away in my 'Password' mail folder. Sorry to rain on your parade.