Google Has a Plan to Kill Off Passwords
Is it finally the beginning of the end for passwords? From our laptops to our bank accounts to e-mail, social media accounts, and myriad other online services, passwords ostensibly protect almost every aspect of the lives we lead online. And yet they are annoying to remember and can be dangerously insecure. So why are they still with us?
FULL STORY from MIT Technology Review
Their plan is all wonderful, until you are out on the town after a few beers and the algorithm decides you are not the owner of your phone or car or bank account anymore. Dead phone? identity unverifiable.. New area?, device stolen, lockout initiated... Drunk at the ATM? heat signature and funny expression denied, no cab fare for you...
Security needs to stick to the 3 basics: something you are like biometrics (as a username), something you have (like a keycard\fob\bt device), and something you know (like a password). Messing with this combination is just giving up control and asking for trouble.
Ironically, blockchain technology depends upon private keys which is nothing but a really long password.
Going to a system that doesn't use passwords is a system that depends upon a centralized 3rd party.
I don't like the idea. Biometrics are not and never will be as secure as a passphrase stored in my head. Plus, every biometric data I submit for that purpose ends up in their database. For things like games that aren't important, i actually prefer typing a short password.
I agree. Biometrics are a terrible idea for authentication to a computer system. If you cannot change it, then it shouldn't be used for authentication!
However, biometrics are pretty decent authentication of your real-life identity to a fellow human being that is in your physical presence (barring perhaps identical twins?). If I can't physically see you and touch your face to make sure you aren't wearing a mask, or check your hands to make sure you aren't wearing special gloves, I can't really trust your biometric authentication.
If we are being super paranoid, then I can't even trust your biometric authentication even if we are having a live Skype video chat when technology like this exists and will only get better over time.
True. Memorizing your password is the safest. I am kind of annoyed by passwords and think this technology is cool, but I also don't want to submit this type of data to any database. We seem to be headed in this direction though. Smart Lock and the iPhone fingerprint thing are pretty popular, and biometrics other than fingerprints will probably become more of a requirement to get certain jobs and sign up for certain accounts.
Wolf in wolf's clothing springs to mind....