Now that passwords being compromised more and more left and right. What do we switch to next, Cred Forums? What security level/method will overthrow and take over passwords?
Now that passwords being compromised more and more left and right. What do we switch to next, Cred Forums...
LastPass.
keys retard
A public-key system would be great but I doubt average users would ever use it. Keeping your keys backed up and safe from others is way too much to ask of them.
My guess is biometric devices. Its easy enough to implement nowadays and takes way more effort to break which will deter low effort attacks.
Services aren't compromised because auntie helen used "123456" as her password
they are compromised through social engineering and software exploits
>passwords being compromised
Because people use shit passwords. For fuck's sake, NOTHING IS BETTER THAN PASSWORDS. JUST STOP SUCKING AT THEM.
Given the high-resolution cameras people have access to nowadays in their phones, would it be possible to extract biometric data (fingerprint, iris, retina) good enough to bypass biometric security?
>passwords
what is this, the 1960's?
i use keys for logging into machines via SSH, and websites can do similar with certificates. modern browsers already have this functionality, i don't know why barely any site supports them
I cut all of my fingertips after a robbery/homicide so i hope we wont use them
This combined with downright stupid and ignorant CTO's and "IT" people who doesn't either give a shit or got a clue about what is going on....
You do know that keys in SSH are nothing more than long, complicated passwords?
Literally makes you easier to identify
there isn't really much of a correlation between how keys and passwords work
devices still have a hard time recognizing ones fingerprint, making it pointless to use. organizations simply forces the software to accept whatever fingerprint appears on screen, making it easy to social engineer.
2FA solves the overwhelming majority of cases.
Your fingerprint or retina wouldn't be a replacement for passwords though, it would be a replacement for your username.
They are less secure than a username.
Yes. You can fool most biometrics with a drawing of a fingerprint.
Augmented PAKE protocols such as SRP and double factor authentication. Especially the last one is tremendously pushed in the industry.
>fingerprint
>leaving your password on everything you touch
Multifactor.
The chances of someone knowing your password, physically having your phone, and knowing your phone's password are incredibly unlikely.
passwords 2.0
crowdpasswords
social passwords
3D printed passwords
discriminating passwords
cloud passwords
letting cat walk on keyboard and saving the password
when you reinstall you just make new accounts
No. Normies get Apple Authenticatorâ„¢ preinstalled, successful touch ID auth responds to key challenge (or enters random password for legacy sites)
Not hard to implement
Swedish banks do this, you have an app called BankID for your phone which is used to log in
For people without phones you can get keyfile in hardware device (either in your debit/idcard chip or calculator-like device) or as download
Cucumber tech-derived omni-passwords will replace them, though they aren't really "passwords" per se.
swedish banks gift their customers gold if they hold an account long enough, is that true?
Nope, never heard of it. Maybe you're thinking of switzerland?
LogIn with DNA test.
>Maybe you're thinking of switzerland?
Sometimes
Anal probe that requires you to take your smartphone with you on the toilet
Forced better passwords and 2fa
>Answer phone
>Radiation hits me
>DNA breaks down
>Locked out of phone