The Pros and Cons of a Future Without Passwords (cnbc.com) 123
CNBC explores the dream of "a future where nobody has to constantly update and change online passwords to stay ahead of hackers and keep data secure."
Here's the good news: Some of the biggest names in tech are already saying that the dream of a password-less internet is close to becoming a reality. Apple, Google and Microsoft are among those trying to pave the way... In theory, removing passwords from your cybersecurity equation nixes what former Secretary of Homeland Security Michael Chertoff has called "by far the weakest link in cybersecurity." More than 80% of data breaches are a result of weak or compromised passwords, according to Verizon....
Doing away with passwords altogether is not without risks. First, verification codes sent via email or text message can be intercepted by hackers. Even scarier: Hackers have shown the ability to trick fingerprint and facial recognition systems, sometimes by stealing your biometric data. As annoying as changing your password might be, it's much harder to change your face or fingerprints. Second, some of today's password-less options still ask you to create a PIN or security questions to back up your account. That's not much different from having a password.... Plus, tech companies still need to make online accounts accessible across multiple platforms, not just on smartphones — and also to the people who don't own smartphones at all, roughly 15% of the U.S.
Some data points from the article:
Doing away with passwords altogether is not without risks. First, verification codes sent via email or text message can be intercepted by hackers. Even scarier: Hackers have shown the ability to trick fingerprint and facial recognition systems, sometimes by stealing your biometric data. As annoying as changing your password might be, it's much harder to change your face or fingerprints. Second, some of today's password-less options still ask you to create a PIN or security questions to back up your account. That's not much different from having a password.... Plus, tech companies still need to make online accounts accessible across multiple platforms, not just on smartphones — and also to the people who don't own smartphones at all, roughly 15% of the U.S.
Some data points from the article:
- "Microsoft says 'nearly 100%' of the company's employees use password-less options to log into their corporate accounts."
- "In September, Microsoft announced that its users could go fully password-less to access services like Windows, Xbox, and Microsoft 365."
- "Similarly, Google sells physical security keys, and its Smart Lock app allows you to tap a button on your Android or iOS device to log into your Google account on the web."
- Apple's devices have used Touch ID and Face ID features for several years."
The Pros and Cons? (Score:5, Insightful)
Re:The Pros and Cons? (Score:5, Insightful)
Re: (Score:2)
Regardless of the system used, web services would have to account for people losing control of their private data, so migration would still have to be supported.
With certain proposed password-less systems, the server doesn't actually need to store any private data, sort of like public-private key encryption. As such, unless you lose control of your own private "key", there's never a need to change it, and weak keys are never an issues, typically being something like a 256-bit random number. Passwords only
Re: (Score:1)
Re: (Score:2)
Passwords really should be standardized in how they function, and how they are managed. Passwords should be one-way hashed before sent to the server, so the server never handles a plain-text copy of your password. There really needs to be a set standard for password managers to "reset" your password as well.
The key word here is "should". You are absolutely correct. This is how things SHOULD work. But they don't and they never will.
Unless we live in an iron-fisted, totalitarian society, where every piece of hardware and software is controlled by one central entity, the type of standardization you are describing is impossible.
Re: (Score:3)
Re: (Score:2)
If you send a hash of the password, the hash IS the password. The only thing that does is make it harder to enter the password manually, which hackers aren't doing anyway.
Re: The Pros and Cons? (Score:2)
Re: (Score:2)
How do you figure it prevents those things? Capturing a hash in flight is no different than capturing a password in flight. All an attacker has to do is present the same hash and they are in, regardless of whether they know the actual password or not.
Re: The Pros and Cons? (Score:2)
Not exactly, i thought the same as first, but thinking about it, it's not as stupid as it sound, because it allows the same password to be used everywhere and still be safe elsewhere if the server get breached.
Imagine I use "123" as my password on site A and B. A and B each use a unique salt to hash my password.
When i try to log into A, A sends me saltA, I type 123, the browser hashes it with saltA and sends that hashA.
If it gets intercepted, the hacker can log into A, but not into B, because since B uses a
Re:The Pros and Cons? (Score:5, Informative)
Passwords should be one-way hashed before sent to the server, so the server never handles a plain-text copy of your password.
Not sending the raw password to the server is a good start, but implemented naively this just means that the hash becomes a sort of password: anyone with the hash can authenticate, even if they don't know the password the hash was based on. A better system is to apply a password-based key derivation function [wikipedia.org] to produce a public/private keypair from a single master password and some unique public information about the site, such as the domain name. Only the public part is communicated to the site. To authenticate you sign a single-use, limited-time challenge proving that you know the private half of the keypair.
One of the best things about this is that the password part isn't strictly necessary—it works equally well to have the keypairs stored in a TPM or hardware security key, and the site doesn't see any difference. The form of key management is ultimately decided by the user. Sites just need to support something like the WebAuthn standard (without mandating the remote attestation anti-feature); the rest of the UX is up to the user agent.
Re: The Pros and Cons? (Score:2)
Re: (Score:2)
Right, it depends on browser support. You wouldn't want the JS to have direct access to the private keys anyway. In the TPM-based scheme the TPM would just hold a master key, not one for each site. Any number of site-specific keys would be stored outside the TPM, encrypted with the master key, and loaded into the TPM temporarily to complete the challenge.
Browsers are already implementing support for WebAuthn but so far as I know it only extends to support for hardware keys. We'd need to implement a purely s
Re:The Pros and Cons? (Score:5, Insightful)
As such, unless you lose control of your own private "key", there's never a need to change it, and weak keys are never an issues, typically being something like a 256-bit random number.
This 'key' you speak of will be reused your whole life. Pay for a coffee, buy stock, claim your pay check, take loans.
Whatever could go wrong with reusing a single password over a whole life?
Far better if you never had to change it.
Sure, but biometrics jumps over this whole question by making it so you can't change it, even if it would be prudent to do so. Moreover, with things like facial recognition you're literally broadcasting your password into your environment non stop.
And given the track record of security flaws in major softwares it's not far fetched to think something will go wrong at some point.
With passwords at least there is some damming in of the problems caused by any one password leak. With biometrics you only need the one 'password' and you've basically got control over someones life. Well, not yet at least. Not until we move to the 'all-biometrics' world.
With certain proposed password-less systems, the server doesn't actually need to store any private data, sort of like public-private key encryption.
1) The name 'password-less' is pure bullshit. There is still a password and you're wearing it on your head (or your fingers or iris or whatever). And you don't actually have control over this password.
2) There are systems that already provide for not having to store private data. Hashing is one common way to check passwords without having to store them. So we don't actually need these password-less systems to have the benefit of not storing private data. It's a rouse.
Re: The Pros and Cons? (Score:4, Interesting)
Saying a pin or biometrics is the same as a password displays a gross misunderstanding of passwordless technology.
The biometric data only unlocks a specific hardware device's stored key. The attacker still needs to acquire your hardware to make use of your biometric data. There is the classic security essay on "Mossad / Not Mossad". https://www.usenix.org/system/... [usenix.org]
You'll never just login to your bank with your fingerprint. Just like you never just log into your bank with your social security number. There'll always be a required combination of factors. And the more secure the info being requested the more factors needed.
Re: (Score:2)
The biometric data only unlocks a specific hardware device's stored key.
Then how do i log in through another device?
And indeed, what if the device is stolen and the biometric information that i have been shedding all my life is simply copied from my environment and input into the device?
And how will i be able to authenticate myself to mark the device as stolen without the device in my possession?
There is the classic security essay on "Mossad / Not Mossad". https://www.usenix.org/system/ [usenix.org]... [usenix.org]
It was an entertaining read but it severely abstracts the issues of information security to the point of, IMO, throwing the baby out with the bath water.
The author wants to divide all t
Re: (Score:2)
Another pro of passwords is the police can't compel you to provide them.
They can compel you to put your finger on the sensor or look into the camera.
Re: (Score:2)
Another pro of passwords is the police can't compel you to provide them.
In many countries they can. If you do not tell them then you go to prison.
Re: (Score:2)
Depends on your jurisdiction. People in the UK gave gone to jail for failure to provide passwords.
Re: (Score:2)
And what happens when you honestly forgot your password?
Re: (Score:2)
The law states that the police have to show that you knew the password beyond a reasonable doubt. So for example if there is a log of you accessing something shortly before they arrested you.
It's not a very well developed area of law. Clearly if you have a very long random password you could easily forget it between the time you were arrested (very high stress situation) and they asked for it. You would need to convince a jury of that.
It's a very worrying rule. I have old archives that I forgot the password
Re:The Pros and Cons? (Score:4, Insightful)
Most security is built up from passwords and keys. Keys are something you have, while passwords are something you know. As such, it should be much harder to steal a password.
Most security managers / operators do not fully understand this. If you make a password so hard (by requiring special characters and/or rotation requirements) that you cannot remember them, they turn into lousy keys.
Re: (Score:2)
and yet if you make them to simple they are easily guessed. This the fundamental issue with passwords. I don't really think there is a solution either. There are things like password vaults that address some of the issue for some situations but they mostly move the problem at the end of the day. - And put a lot of eggs in one basket..
Re: (Score:2)
Unfortunately if you allow weak passwords, they are too easy to crack. If you allow password reuse, one hacked website opens up all the user's other accounts.
That's why the best option is to use a password manager and long, random passwords. As well as a physical key.
Re:The Pros and Cons? (Score:4, Informative)
There are pros, for the companies pushing it. Their support staff won't ever have to do a password reset again. 80% of account compromises, and the associated labor-intensive support requests, will disappear off the ticket queue.
Pros for the user? None, unless they were reusing passwords.
Re:The Pros and Cons? (Score:5, Insightful)
And the added hassle and delay of these apps. Logging in somewhere, having to wait until you get that message, typing that in. No thanks. I'll stick with my passwords please.
Re: (Score:2)
Re:The Pros and Cons? (Score:4, Insightful)
Allright, let's draw it some different way for you. You are sleeping, all of a sudden you realize your house is on fire. You get up, run and get safely outside, where you watch your house burn to the ground, with all the devices you listed above in it.
How do you do it then ?
Re: (Score:2)
Recovery email at the local library.
But here's another case for you. You're driving down the road and get into an accident causing you to hit your head on the dash. Long term memory affected. How do you get in with your password?
We can come up contrived disaster scenarios all day.
Okay your turn next, please include an alien attack.
Re: (Score:2)
That one is easy, unless the company wants to be a dick. Prove your identity to the company. Next the company can double-check by contacting the owner by account and making sure there is no response to indicate the account is owned by someone else.
Re:The Pros and Cons? (Score:5, Insightful)
Recovery email at the local library.
How would you access your email in a passwordless world without your phone?
But here's another case for you. You're driving down the road and get into an accident causing you to hit your head on the dash. Long term memory affected. How do you get in with your password?
Passwords are easier to print out than 2FA. So I have a version of them printed out (a bit obfuscated) in my wallet (at least the password for my gmail account, from which I can reset my password for about anything)
We can come up contrived disaster scenarios all day.
No, you don't get it. Losing your phone is incredibly common. I could have my phone stolen while doing tourism in another country. I can smash it on the ground while outside my home, etc etc. While incredibly convenient for 2FA, it is a SPOF, and as such could never be considered the only source of authentication as it is today.
Okay your turn next, please include an alien attack.
No need for an alien attack to lose your phone. Stop being so obtuse.
Re: (Score:2)
Same way you do if you forget your password. Send a reset email, call the bank, whatever it is you do to get a new password will work for this scenario too.
Re: (Score:2)
"Send a reset email"
How do you receive the password reset email if your authenticator for that email account is gone?
"call the bank"
How do you call the bank if your phone is gone? How do you even look up the phone number of the bank?
Re: (Score:2)
The same way you do with a password. All of these problems apply equally if you have a decent password.
Re:The Pros and Cons? (Score:5, Insightful)
I only have one phone, no laptop, no tablet, my smartwatch doesn't do apps/videos, and my desktop doesn't do video.
But more to the point, I don't want to have to use my phone to get into your website. Just because 85% of us own smartphones doesn't mean we want to use them for everything.
Re: (Score:3)
Right because everyone has a dozen internet connected devices just sitting around.
Welcome to the real world where everyone doesn't work in tech. For a lot of Americans their one and only connection to the internet is their phone and some one having an old phone handy is not at all a given.
Re: (Score:2)
You are supposed to have backup codes kept securely somewhere for that. Otherwise it's the account recovery procedure, e.g. call the IT department.
Re: (Score:3)
My work is moving to TFA and their plan is to require us to have an authentication app on our personal cell. I got to listen to a 20 minute bit of propoganda about why that's far superior to a USB dongle, which boiled down to "you always have your phone and it always works and it's always charged, but you might not always have your physical key but if for some reason you don't have your phone available we can come up with a work-around to get you logged in".
Needless ot say, anyone who can do basic logic imm
Re: (Score:2)
And the added hassle and delay of these apps. Logging in somewhere, having to wait until you get that message, typing that in. No thanks.
I use Duo Mobile [duo.com] for things like VPN connections and Windows logins, although they support a long list of other applications. The authentication prompt rarely takes more than two seconds to appear on my phone, and I merely click on Approve or Disapprove - no numbers need to be retyped. Also, Duo's MFA services are free for up to 10 users.
Re: (Score:2)
How do you put the Duo authenticator on a new device without access to the old device?
Re: The Pros and Cons? (Score:2)
It depends on your perspective (Score:3)
For the big dominating "Web"-Companies like Google/Facebook/etc the advantage is clear. Such a scheme would make it much easier to have cross-site logins which makes it much easier to track users across domains.
On the other hand it creates a higher barrier of entry to competitors.
Essentially, if your plan is to turn the Internet into a 1990s style walled garden "online service" it's a great idea, otherwise not so much.
Re: (Score:2)
They already have cross site logins with passwords. Using a security key doesn't give them any additional way to track you, the token is unique per site and not correlated with the key at all.
Re: (Score:3)
Are there any Pros? Just a mass move to security managed by someone (just not me).
You mean other than 30 years of evidence that users are waaaay too dumb to manage passwords?
Here's the thing, these companies online aren't pushing for this because they hate users, they are pushing for it because of the incredibly large support cost and bad press they get when users are affected by something. Corporations the same thing. It's bad enough when data gets compromised, it's even worse when you find out it's because of some mouth-breather used "password" as their password.
Yeah it's great that us
Re: (Score:3)
You mean other than 30 years of evidence that users are waaaay too dumb to manage passwords?
Having been in the computing field for over 35 years, I can guarantee that nothing will change if we get rid of passwords. If anything, I suspect the support requirements will increase, not decrease. Having another, more complicated, hoop to jump through will just change the nature of support, not decrease it.
For every idiot-proof system, there is a more determined idiot. Passwords have persisted because they are cheap and simple. Passwordless is relatively expensive and complicated.
Re: (Score:2)
For every idiot-proof system, there is a more determined idiot.
Except that's not even the case here!
The last time this was posted a few weeks ago a few people noted that every problem with passwords is either still there with another method of authentificaiton, or it's been replaced with a worse issue. Most commonly, it's another, more fragile and more complicated system with a fallback to a PIN or password, which substantially increases your attack surfaces rather than making your systems safer.
The most idiot-proof system is pretty much a username and password. As soo
Re: (Score:2)
Having been in the computing field for over 35 years, I can guarantee that nothing will change if we get rid of passwords. If anything, I suspect the support requirements will increase, not decrease. Having another, more complicated, hoop to jump through will just change the nature of support, not decrease it.
You're making assumptions as to the nature of support and solutions. "Support" in this case is dealing with the endless stream of hacked accounts. As for "hoops to jump through" and "more complicated", I can only assume you've never used a passwordless login before. There aren't "another hoop" and they aren't "more complicated", it's just a different access mechanism.
35 years of computing guarantees there's no such thing as a perfect solution. That doesn't mean we can't get something to change. Even if the
Re: The Pros and Cons? (Score:2)
Re: (Score:2)
You manage your own security with a security key like a Google Titan or Yubikey.
They fix the common issues with passwords. Reuse, poor choices, forgetting, management between multiple browsers/systems, phishing. You can use a password as well if you like, but the benefit is probably marginal.
Re:The Pros and Cons? (Score:4, Insightful)
Depends on whose definition of "pros" you're referring to:
- Plausible deniability for idiots in power when they decide to break the rules. ("Obviously, I've been hacked.")
- Accountability for the powerless when a scapegoat is needed. ("It was your job to secure your account.")
- Ease of access when you misplace "your" credentials. ("Of course this is my fingerprint and not a hotdog / gummy bear / 3d printed replica.")
- Better tracking for the unimportant. ("Well, of course we have a biometric database. We sell updates to the advertising industry.")
See there's plenty of "pros"...
Re: (Score:2)
You are looking for pros, but here are a few cons:
1. people without Cell Phones are locked out.
2. Far less privacy, now these Sites know exactly were and who you are because they can link you to your Cell Phone. With just passwords one could use a VPN and fake bios to "hide".
3. What if you change your Cell Number due to all the spam you get ? How will you update all these sites ?
I am sure there are many others
still need things like app passwords / tokens logi (Score:4, Interesting)
still need things like app passwords / tokens logins.
Service accounts that you really can't tie to an phone.
LDAP app binders
ssh terminals / sudo / apps that don't do any sso / or do more then just basic login.
And when we lose our phone? (Score:5, Insightful)
Increased digital security is good, but basing all that on mere possession of a specific phone seems dangerous. For everyone I know, their relationship to their smartphone has been a case of "it's not a matter of 'if' it ever breaks, but rather a case of 'how long until it does?" Whether it is breaking, mysteriously stopping working after an update, getting stolen, compromised by some random free app, getting confiscated... Lots of stuff happens to cell phones, and I'd rather not risk losing my entire digital existence because something happened to it. (I've heard more than one security expert state that they flat out consider their phone to be compromised at any point in time, no matter how new or how recently reset - the only question is "how badly" - and treat it accordingly.)
Case in point: the humble desktop PC. For most people, their desktop or laptop is probably their main backup route to access everything online. (or, for many, probably their *primary* means of doing so). As such, it, at the very least, should not be secured using the thing that it is acting as a backup for.
(Microsoft: Stop trying to force everyone to use microsoft accounts to log into their local computer; especially using their phone based proximity unlock)
Re: (Score:2)
Re:And when we lose our phone? (Score:5, Interesting)
And with the password managers built into any browser, how much time and trouble are those 30+ passwords? Virtually none at all. You don't have to remember any of them, you don't have to write any of them down, all you have to do is click to generate one and watch it be autofilled when you log in.
Re: (Score:2)
Or just let the site "remember" your login, so autofill isn't even necessary. I don't even bother with a password generator/manager since many web sites don't ask me to re-authenticate for 6 months at a time. I keep all my passwords backed up as printed records in a fire-proof safe. Hell if I'm going to give any of that info to the cloud.
Now, if only browsers were better at keeping those cookies secure...
Re: (Score:3)
Increased digital security is good, but basing all that on mere possession of a specific phone seems dangerous. For everyone I know, their relationship to their smartphone has been a case of "it's not a matter of 'if' it ever breaks, but rather a case of 'how long until it does?"
You're begging the question. Every 2FA service I've ever seen has taken into account the loss or damage of the 2FA device and provided an alternate (often email verification, sometimes even an offline paper form with a recovery key).
(Microsoft: Stop trying to force everyone to use microsoft accounts to log into their local computer; especially using their phone based proximity unlock)
MS doesn't force any 2FA to log into your computer. In fact while MS may *link* your local account and your online one they specifically advise users *NOT* to log in with their MS account. That's the whole point of Windows Hello, a completely offline, unlinked, device-unique log
Re: (Score:2)
You are supposed to keep the backup keys somewhere safe, in case you ever need to recover your account.
As for phones getting compromised, it's a bit more complicated than that. Phones have secure data storage for things like encryption keys. The storage has its own separate CPU that validates requests. As such even if the phone is completely compromised and the malware has root, extracting the keys is not possible.
Generally speaking, mobile operating systems have a lot better security anyway due to their co
Re: (Score:2)
You are supposed to keep the backup keys somewhere safe, in case you ever need to recover your account.
Spoken from a true position of privilege. Where is safe? There are whole classes of people, e.g. the homeless, who have no safe place to store recovery data, and are at high risk of losing their phones (or having them stolen, possibly by law enforcement.) These people do have phones, because we give free phones to the homeless. I guess they just don't matter, though.
Re: (Score:2)
If you are in that position then it may be best not to keep backup codes at all. You can still use 2FA to require both a password and security key. Nobody is taking that option away, they are saying you can just replace 1FA passwords at your discretion. Obviously considering your own threat model is key.
Re: (Score:2)
The push to base 2fa based on a phone has nothing to do with security. It's a push to remove anonymity by forcing you to use a device which is registered in your real name.
vendor locked security keys don't seem like an goo (Score:3)
vendor locked security keys don't seem like an good idea and they don't help at all for an service account that say more then one person may need to use.
Will they work on all os's / devices? how many plug / unplugs before they where out. what if they get cloned / get lost / taken?
Re: (Score:2)
also don't work that well in an war zone.
So there I was happily wfhing (Score:4, Informative)
when I get an email from my employer's IT saying the certificate on my smartcard was about to expire next week so I should update it.
Being the sort of guy who doesn't want to brick his work badge and not be able to work, I dutifully complied and updated the cert on my card.
Then I stepped away from my machine and locked the screen. Only to come back and find that in the intervening few minutes it took me to take a dump, the VPN connection into work had hickuped and my new credential had not gotten cached onto my machine. So there I was with no way to unlock my screen.
I had to drive in to work, physically plug into the corporate network for my laptop to accept my updated certificate on my smartcard.
Passwordless authentication is "nice" but it's also fragile in a way that passwords are not. Back in the days before hardware tokens when corporate policy was to change your passwords every X days, a failure to cache a new password on a remote machine on a VPN would have been solved by...typing in the old password, VPNing in, and forcing the credentials to update by locking the screen.
But password logins ain't allowed no more because "security" and there was half my working day gone because someone somewhere didn't think of a way to push out smartcard certs and Windows logon credentials in the same go.
2FA FTW.
Re: (Score:3)
At my former employer like a decade ago, it was a pain even physically in the office when changing my ActiveDirectory password. I found out that I need to log out of all of my connected sessions and relogin with the updated password or else my account gets locked out. Stupid.
Re:So there I was happily (Score:4, Interesting)
We solved this at my work by creating a local account on each laptop that could be used to log into the laptop but nothing else. Once the user was able to log onto the laptop, they could connect via the VPN to update or cache their network credentials. Then they could log out of the local account and log in as normal with their network account.
This also worked during the pandemic when we would ship a new computer to a user working from home. Plus, some VPN software also supports "Start before Logon" or something similar to prevent this type of Catch-22 problem. (Can't start the VPN because you can't authenticate into the OS.) Short story, our users don't need to come into the office just to update their tokens unless something went seriously wrong with the OS.
Re: (Score:2)
Passwordless authentication is "nice" but it's also fragile in a way that passwords are not.
Everything is fragile when your system is setup by idiots in corporate IT or problems in the software setup. The issue you have exists with new as well as old systems and I have had a case where neither my new or old password had been accepted because of network state (though the workaround for that was to unplug my system from the network before typing my old password in). Bad programming happens regardless of what authentication system you use. Passwords weren't less fragile, just in your case they were b
Re: (Score:2)
Riffing off of Frank Abagnale (Score:3)
The problem isn't passwords or mobile devices or security hack per se.
It's monoculture of means of identifying (made much more for the convivence of big tech instead of, you know, actual security), AND storing of data long after it is no longer needed to establish identity (but you can't a payout at the back end without big data now can you?).
And of course all those folks storing that data suffer no ill-effects from any security breach, so pfffft... so sorry about your luck (and our security practices).
Of all the multitudes of ways you could possibly prove your identity, tech has given us maybe 4? Specific data (like maybe a picture of your mother taken at the Palisades 1/19?) linked to a numbered account? Nope, too messy, too much data to maintain (Ha!), too chaotic to be easily manageable (or hackable. Or monetized).
So fuck 'em. I can only hope they get to live a long time in the dystopia they created.
Sigh,. (Score:3, Interesting)
John Lennon (Score:4, Funny)
How about a society where do not even need a password because nobody would bother to login to someone else's email or banking stuff etc. You know like in a town where you don't have to lock your door etc.
Moving countries? (Score:3)
What happens when you move countries in a passwordless security setup?
I expect you have to be exceedingly cautious to make sure your accounts recognize new devices, new phone numbers, new locations, etc.. Pawwordless login systems are more likely to fail to authorize a login in a new country.
And no. You don't have to keep changing passwords. That was always bad advice, initially suggested by someone who admitted that he didn't know what he was doing.
Re: (Score:2)
You should have set aside your recovery passwords in a safe place. And bring them when you move to a new country. These recovery passwords will be a sheet of one time use passwords that you can use in extraordinary circumstances. Such as if you get locked out of your account or associated devices.
My F*buddy Accounts (Score:3)
At some point in the past, a porn site operator received my email (or, I, or someone else, actually opened an account ). Now, daily in my spam folder, I receive dozens of porn site spam messages urging me to log in.
I presume they act as honeypots to collect and associate a reused password with other sites if I complied.
I prefer having unique, random passwords for every site account. If an online account, porn or otherwise, is breached or shares my password, I can track and block it.
Recently, Apple has just released âoehide my emailâ that makes the tracking of who is misusing my data so much easier while keeping my information private. I hope other providers provide similar services for users not in the Apple Walled Garden.
Of course, we hope that providers of such services arenâ(TM)t compromised. But, it is a start to regaining control. And, I still use unique passwords and TFA with accounts I truly care about.
Is there a downside? I need to track this stuff in my password manager or keychain which makes a hack against it or the device holding it a target. But, that data is encrypted with a password that I know and do not share. So, I am safe until quantum computing advances to the point of making it all pointless anyway.
You only have one face (Score:2)
it's much harder to change your face or fingerprints.
So using biometric data to gain access is the same as using one (unchangable) password everywhere.
Not just for the high-security systems run by professionals, but for all the phishing sites that dupe a person into accessing them. Thus giving up the same data that they *know* will let them get to all your other accounts.
As well as all the legitimate sites with poor security - the other 20% that are breached by nbon-password hacks.
The key disadvantage isn't listed (Score:5, Insightful)
Not by chance, the companies involved in the crusade against passwords are all wannabe gatekeepeers.
Re:The key disadvantage isn't listed (Score:5, Insightful)
Yup. Google wants you to log in everywhere using Google's system; Apple wants you to log in everywhere using their system; Microsoft etc. etc. ...
It's really all about lock-in. Any security consideration is secondary, assuming it actually exists at all. Google, especially, is well-practiced at claiming something is for your benefit when it's actually for their own.
It's like my personal Gmail account (which I use less and less as time goes by). I set it up with two-factor auth, many years ago. Now, every time I log in: rather than let me go straight to my OTP app, Google wants me to instead open up their mail app on my phone - which doesn't even have my personal Gmail set up (Google's obviously figured out the connection between my personal Gmail account and my work Gmail account) - and respond to a prompt there. So I have to click "try another way, then click "use the Google Authenticator App", then finally I get to paste in the two-factor code that Bitwarden has helpfully auto-loaded into my clipboard.
Re: (Score:2)
Re: (Score:2)
A shame you are at +5 Insightful. I would have liked to have moderated this comment up. It cuts straight to the fucking core. This is all a song and dance about control since they can't just directly take control away from everyone at once.
I love seeing personalized psychological issues playing out on a mass scale.
So big tech comtrols your security key/Access! (Score:4, Insightful)
I don't want everyone to have a picture of my face (Score:3)
Re: (Score:2)
Another great ignorant Rick Schumann post, thinking that just because someone uses passwordless logins that means they have a "picture of your face".
Like seriously do you ever put any effort into understand how things work before you talk about them?
Don't answer, we already know.
Re: (Score:2)
The rise of passwordless NFC debit cards in Brazil (Score:3)
Another con. (Score:3)
"Can't change your fingerprint" (Score:4, Insightful)
Sigh. This again. No, you can't rotate your fingerprints or face, but this has no bearing whatsoever on the security of biometrics. It's a red herring.
Repeat after me: Biometrics are not passwords.
Password security is fundamentally based on secrecy. Your password's security (such as it is) derives completely from an attacker's inability to obtain or guess it. If an attacker knows your password, they can enter it just as easily as you can. Password rotation is useful because generating and switching to a new secret makes irrelevant any information the attacker has obtained about your old password (including knowledge of what it is not, e.g. failed guesses).
Biometric security is based on secure measurement. Your biometric's security (such as it is) derives completely from an attacker's inability to present it to the scanner in a way that the scanner will accept. If an attacker can fool the scanner into accepting faked data, they can almost certainly obtain your data to present. Biometric rotation -- if it were possible -- would be of no value because biometrics are not secrets. You leave your fingerprints everywhere, on everything you touch, walk around with your face and irises fully exposed to cameras everywhere, etc. If an attacker is able to convince a system to accept faked biometrics, rotating from one non-secret to another non-secret would not help. What's needed in that case is a measurement system the attacker cannot fool.
Note that I'm not saying passwords are more secure than biometrics. Nor am I saying that biometrics are more secure than passwords. Both statements are meaningless when made outside of a tightly-specified threat model. Password and biometric authentication systems are vulnerable to different sorts of attacks. For some threat models, passwords are utterly useless and biometrics very secure. For others biometrics are far better than passwords. For others they're equally bad or good. The security models are different, and often complementary.
Similarly, people often think the value of multi-factor authentication depends on the number of factors used. "Something you have, something you know and something you are" is great, but not because of the number of authentication factors. It's great because the three different categories are vulnerable to different kinds of attacks. Techniques likely to compromise one of them are unlikely to compromise another. Said another way, what matters is not the variety of factors used, but the variety and types of attacks required to gain access. This is a subtle but important distinction that points out the fundamental flaw in the way most people think about security: to focus on the mitigations deployed, rather than on the attacks mitigated.
This is fine (Score:2)
As long as it doesn't become the only method of login to sites
I see a couple of issues ... (Score:2)
Re: (Score:2)
First, and IANAL, but my understanding is that law enforcement can seize and use any physical means of login, but (in the US) the fifth amendment prevents one one from being compelled to disclose one's password. So there's that. And, at least insofar as the password-less login scheme is tied to a phone ... phones are eminently trackable, so I'm guessing some folks might object to the implicit requirement that they carry their "tracking beacon" anywhere they want to have access to their accounts.
If they can prove that you know the password they can compel you to disclose it in the US. They have come to the position that a password doesn't count as testimony but acknowledging that you have a password is. In much the way that the police (with the correct warrant) can sieze and use a key but they cannot force you to tell them where the key is.
Not biometrics please (Score:2)
Re: (Score:2)
Eliminating (Score:2)
Ideally, there would be at least one of each of the three types of factors used for authentication:
* Something you know (such as a password)
* Something you have (such as a smart card)
* Something you are (such as a fingerprint or other biometric method)
Eliminating passwords removes a layer of that security, leaving you less secure.
Of course the current problem is that very few systems have that level of security. Most seem content to just pick one and go with it,
Change your face? (Score:2)
"it's much harder to change your face "
30.000 cosmetic surgeries per year would need new face-words then.
heads we win, tails you lose (Score:2)
No passwords just means that when there is a screwup, you will have no way to access your account. Happened to me recently. Phone service was broken, but every method they had to verify me required me to answer that phone line. I had to change carriers to get that phone number to work, and only then could I get into my bank account. Even if I called them on the phone from a different number. And, an online bank, so no checks that I could write.
As long as the solutikn isn't 2fa, I'm fine with i (Score:2)
Sounds like the contrivance of a problem (Score:2)
Re: (Score:2)
Windows 10 does something similar, asking you to create a numerical PIN to log on.
There is an option (checkbox or something) that lets you use non-numerical characters and more characters in the PIN. So, apparently, they just really don't like the word "password".
dude (Score:2, Insightful)
Re: (Score:2)
Re: (Score:2)
That's what random salts and not re-using passwords and having strong passwords are for. Doing any of those will make rainbow tables useless.