Slashdot Mirror


Bill Gates Proclaims End of Passwords

KrazyK writes "Bill Gates has just proclaimed the end of passwords. There's only one drawback - you have to use .Net (well, what else would you expect?). However, the smart card that is at the centre of it - made by Axalto - is still a great bit of technology. How long before we can get an open-source version of this?"

8 of 488 comments (clear)

  1. So now instead of torturing me... by SoTuA · · Score: 4, Insightful
    ... to get me to confess my password, all they have to do is get my wallet?

    Nice!

  2. Re:hard and soft by judmarc · · Score: 5, Insightful

    Think about this before assuming biometrics is the answer:

    • If someone steals an impression or picture of your fingerprint
    • If someone hacks the database linking your fingerprint or eyescan to your access authorizations for bank accounts, work, etc.

    - then how do you get your identity back?

  3. Um... no? by warrax_666 · · Score: 5, Insightful
    The same applies for a smartcard, doesn't it ?

    You can always get a new smartcard, you can't get new fingerprints (or retinas, or whatever).
    --
    HAND.
  4. Re:hard and soft by wertarbyte · · Score: 4, Insightful

    The same applies for a smartcard, doesn't it ?

    No, it doesn't. If your smart card gets compromised, destroy it and get a new card with a new key. If someone manages to steal your fingerprint, you cannot change the media or key you authenticate with: The person did not only steal a material token that is linked to your identity, an unchangable characteristic that should be uniquely assigned to you now is not referring only to your person, someone literally stole your identity; To the ATM machine, he's not only the one in posession of your ATM card anymore: He is you.

    --
    Life is just nature's way of keeping meat fresh.
  5. Re:.NET? by ComaVN · · Score: 4, Insightful

    So it is an arms race. Just not with the criminal, but with your neighbour.

    --
    Be wary of any facts that confirm your opinion.
  6. Re:hard and soft by Kjella · · Score: 5, Insightful

    I never figured out why you can't use the same system as you do with passwords. Password, hash and *drumroll* salt. No, not NaCl, crypthographic salt.

    If compromised, get a new device with a new salt. It is basicly like a new identity (you'd have to revalidate with every authentication you had). If the perp just got your salted code, it is worthless. If he got your fingerprint, he still needs to get your new device to get a valid biometric/salt *pair*.

    Now top it off with a PIN, and you have the holy grail. Something you are, something you have, something you know. Use any subset which is enough. In most cases, what you are/have (fingerprint/salt) should be enough. It'd certainly raise the bar another notch or two.

    Kjella

    --
    Live today, because you never know what tomorrow brings
  7. passwords will never go away by 241comp · · Score: 5, Insightful

    Nope, this won't end passwords. For security, you have the following 3 options: something you have (smart card, signature), something you know (password, passphrase, PIN) and something you are (fingerprint, retina scan). For non-vital information (your hotmail account), choose one. For important information (medical, financial) choose two. For vital information (mission-critical applications, firing mechanisms, creating a will) use all 3.

  8. Reminds of of an old AI story by droleary · · Score: 5, Insightful

    A group of students are working on a neural net project. It comes time to decide what weight to put on the initial connections. One student says, "Set them all to 0 to start." Another student says, "No, that will introduce bias. We should set them all randomly." The smart professor replies, "You'll still have bias, only you won't know what it is."

    So to Mr. Gates I'd like to reply: You'll still have a password, only you won't know what it is. Makes sense from a "security through obscurity" standpoint, though! :-)