Jump to content



Photo

Experts: We're stuck with passwords - and maybe they're best

security passwords biometrics

  • Please log in to reply
4 replies to this topic

#1 +Phouchg

Phouchg

    Random Oracle

  • 5,571 posts
  • Joined: 28-March 11
  • Location: Tannhäuser Gate
  • OS: V'Ger 6.1.7601 x64
  • Phone: SQNY D5503

Posted 17 January 2012 - 15:23

Experts: We're stuck with passwords – and maybe they're best
20 years of alternatives have failed

Late last year IBM reckoned biometrics would finally replace the password within the next five years. The prediction was part of a series that also speculated that the digital divide would cease to exist and that mind-reading technology would become a possibility. But, at least on the subject of passwords, new research from Microsoft's Cormac Herley and computer science professor Paul van Oorschot explains why, despite the tech industry's best attempts, this is not the case.

[..] in a joint paper, Microsoft's Herley and Van Oorschot, a computer science professor at Ottawa’s Carleton University, argue that passwords are here to stay because alternatives such as PKI and biometrics have come up short. They added that lessons had not been learned from these failures, and said that as a result, the industry has become stuck in a rut.

They argue researchers need to revisit the subject of how to get passwords to work efficiently rather than assuming the approach is about to be written off as hopelessly flawed and unfixable. Passwords are here to stay, even though they certainly not appropriate in all cases, because "no other single technology matches their combination of cost, immediacy and convenience that many scenarios require".

"Passwords have proved themselves a worthy opponent: all who have attempted to replace them have failed," the two boffins conclude. "It is fair to say that little progress has been made in the last 20 years: usability has degraded significantly, while security has not improved. The reasons, we suggest, are widespread confusion about why we are trying to replace them, what is required of a replacement, and what improvement is expected once they are replaced."


Source: El Reg (channelregister.co.uk)


#2 Geoffrey B.

Geoffrey B.

    LittleNeutrino

  • 15,837 posts
  • Joined: 25-July 05
  • Location: Ohio
  • OS: Windows 8.1u1
  • Phone: Nokia Lumia 928 WP8.1

Posted 17 January 2012 - 16:15

Hi there was an app in the market called TforGG and it was free... but recently they upgraded it to 3.0 version and removed that free version ;-(
I did play with 2.0 version for free and it helped a lot with macro, so Is there any way to cancel recent updates for applications? (im using samsung galaxy II)
or do you know website with old android applications? I cant pay for new 3.0 version, beacuse my card is declined all time, probably beacuse of the country i live in.
btw. sorry for my english. here you are the link: bit.ly/TforGG (their korean website works only from korean IP`s ;-/ so there is no support).
I was looking at few starcraft forums for, but no results... even for other races, there is still no free app.


:spam:

#3 Muhammad Farrukh

Muhammad Farrukh

    The End is Nigh

  • 7,621 posts
  • Joined: 15-August 11

Posted 17 January 2012 - 16:16

I don't see the problem with them
They seem to work pretty fine.

They'll be replaced after all. In 2030.
Provided, we last that long

#4 FMH

FMH

    Neowinian Senior

  • 7,143 posts
  • Joined: 18-July 10

Posted 17 January 2012 - 16:25

^ That is the biggest spam I have seen! :o (reported)

#5 SirEvan

SirEvan

    Neowinian Senior

  • 3,393 posts
  • Joined: 17-April 03
  • Location: Santa Clara, CA
  • OS: Windows 8
  • Phone: HTC One (AT&T)

Posted 17 January 2012 - 16:30

^^ the hell? reported.

You know what..biometrics might be nice, but passwords are used a lot more. My solution is to use last pass. I only need to remember one really strong password (plus my TrueCrypt password) and I can log into anything. The upside is that since LP remembers everything, I can use it's "Generate Password" feature to fill in the MAX length/combination for extremely secure passwords. Had a website I needed to register for the other day, max length accepted was 30 digits. You try remembering a combination of 30 mixed case/numbers/symbols. With LP, no problem

What would really make my day though, was some some type of RFID or usb based authentication to LP. Something so that as long as my "token" was within a few inches of my keyboard/mouse/whatever, LP knew I was there and would log in automatically (Btw, the auto login feature is fantastic.)


I no longer mind having to try and remember passwords.



Click here to login or here to register to remove this ad, it's free!