Bill Gates Proclaims End of Passwords

← Back to Stories (view on slashdot.org)

Bill Gates Proclaims End of Passwords

Posted by CmdrTaco on Tuesday November 16, 2004 @01:35AM from the trustno1-is-a-bad-password dept.

KrazyK writes "Bill Gates has just proclaimed the end of passwords. There's only one drawback - you have to use .Net (well, what else would you expect?). However, the smart card that is at the centre of it - made by Axalto - is still a great bit of technology. How long before we can get an open-source version of this?"

5 of 488 comments (clear)

Min score:

Reason:

Sort:

end of passwords - not by martin · 2004-11-16 01:39 · Score: 5, Informative

So how do you 'unlock' the smart card to prove its you (and still you) at the keyboard...???

an PIN number...
a fingerprint...

Authentication is based around something you have (userid/smartcard/finger...) and something you know (password/PIN/....)

No change since the Secuure Single Sign On days of the mid 1990's. All they are doing is bringing it upto date using .NET to quickly build applications.
Not a password replacement by Albanach · 2004-11-16 01:43 · Score: 4, Informative

Reading the Axalto press release they talk about their cards as an additional form of security, not a password replacement. I've used smart cards for a few things and each of them has been protected by a password too. You enter the smart card and are then asked for a PIN to ensure you have the right to be using that smart card. As another poster said, if there's no password all they have to do is get to your wallet if they want to Get Root. Hopefully if we do see an open source implimentation it won't be passwordless!
Re:Hmmmm.... by isaaccp · 2004-11-16 02:05 · Score: 5, Informative

Also available in Linux, check the USB PAM module: http://lists.debian.org/debian-mentors/2004/02/msg 00143.html
And over in Java... by MosesJones · 2004-11-16 02:09 · Score: 5, Informative

A classic case of Billy boy announcing something everyone else has. I saw a demo by Sony about 2.5 years ago now which demonstrated smart card + biometrics as an authentication mechanism.

Something like 98% of the world's new smart cards run Java as their programming language, and there are defined standards for security around it. This stuff is already being used in the wild, for instance by the DoD. Oh and if you have one of those "Blue" or clear Amex credit cards... its running Java too.

Or of course you could wait for Longhorn.

In terms of open source, you can do this in Java (which is published and the source is accessible), today.

I love Microsoft, "yesterday's technology, tommorow".

--
An Eye for an Eye will make the whole world blind - Gandhi
Re:Um... no? by lee7guy · 2004-11-16 02:09 · Score: 5, Informative

Also, you don't leave your smartcard at every place you visit, which is the case with fingerprints. You can easily make a gelatine film with fingerprints collected on everyday objects. No fancy equipment required either. When researches tested the technique at a recent show, every fingerprint reading device they were allowed to test, were fooled.

Retinas at least doesn't leave traces everywhere, but then you still run the risk of data theft.

--
Ceterum censeo Microsoftem esse delendam