Slashdot Mirror


Bill Gates Proclaims End of Passwords

KrazyK writes "Bill Gates has just proclaimed the end of passwords. There's only one drawback - you have to use .Net (well, what else would you expect?). However, the smart card that is at the centre of it - made by Axalto - is still a great bit of technology. How long before we can get an open-source version of this?"

17 of 488 comments

  1. Hmmmm.... by keeleysam · · Score: 5, Interesting

    This has been in Mac OS for a while... as Keychains... mine is on my USB thumb drive...

    --
    Nothing for you to see here, Please move along.
    1. Re:Hmmmm.... by isaaccp · · Score: 5, Informative

      Also available in Linux, check the USB PAM module: http://lists.debian.org/debian-mentors/2004/02/msg00143.html

  2. News? by tuomasr · · Score: 5, Interesting

    This doesn't sound like anything really new to me, I remember logging on to my W2K workstation with a smart card in 2001 if I remember correctly, what's new here (the techworld article didn't want to respond to me so I can't RTFA)?

    1. Re:News? by bgat · · Score: 5, Interesting

      The "new" bit is that the smart card has a .NET interpreter, rather than an 8051/PIC/AVR/? microprocessor running a documented, proprietary, standards-based, stable OS or even Java. Embrace and extend.

      --
      b.g.
  3. end of passwords - not by martin · · Score: 5, Informative

    So how do you 'unlock' the smart card to prove it's you (and still you) at the keyboard...???

    a PIN number...
    a fingerprint...

    Authentication is based around something you have (userid/smartcard/finger...) and something you know (password/PIN/....)

    No change since the Secure Single Sign On days of the mid 1990's. All they are doing is bringing it up to date using .NET to quickly build applications.

  4. Re:hard and soft by judmarc · · Score: 5, Insightful

    Think about this before assuming biometrics is the answer:

    • If someone steals an impression or picture of your fingerprint
    • If someone hacks the database linking your fingerprint or eyescan to your access authorizations for bank accounts, work, etc.

    - then how do you get your identity back?

  5. Re:hard and soft by darth_linux · · Score: 5, Funny

    Bill's right, though. He knows if you use M$ products you don't need passwords. You'll still get 0wn3d.

    --
    Power to the Penguin!
  6. Passwords proclaim the end of Bill Gates by cwebb1977 · · Score: 5, Funny

    Dyslexia finally made sense to me...

    --
    www.weberseite.at
  7. Great another card to lose. by LabRat007 · · Score: 5, Interesting

    I actually like my password encrusted life. If I lose it all I have to do is request another be emailed. If I forget my email password I just call my provider and answer a slew of questions to prove my identity. Things are quick. Now, if my wife gets hold of a password "key" of any kind she will just lose it like she loses her ATM card 2-3 times per year. No thanks.

    --
    "Capital punishment makes the state into a murderer. Imprisonment makes the state into a gay dungeon-master"
  8. Um... no? by warrax_666 · · Score: 5, Insightful

    The same applies for a smartcard, doesn't it?

    You can always get a new smartcard, you can't get new fingerprints (or retinas, or whatever).

    --
    HAND.
    1. Re:Um... no? by lee7guy · · Score: 5, Informative

      Also, you don't leave your smartcard at every place you visit, which is the case with fingerprints. You can easily make a gelatine film with fingerprints collected on everyday objects. No fancy equipment required either. When researchers tested the technique at a recent show, every fingerprint reading device they were allowed to test was fooled.

      Retinas at least don't leave traces everywhere, but then you still run the risk of data theft.

      --
      Ceterum censeo Microsoftem esse delendam
  9. And over in Java... by MosesJones · · Score: 5, Informative


    A classic case of Billy boy announcing something everyone else has. I saw a demo by Sony about 2.5 years ago now which demonstrated smart card + biometrics as an authentication mechanism.

    Something like 98% of the world's new smart cards run Java as their programming language, and there are defined standards for security around it. This stuff is already being used in the wild, for instance by the DoD. Oh and if you have one of those "Blue" or clear Amex credit cards... it's running Java too.

    Or of course you could wait for Longhorn.

    In terms of open source, you can do this in Java (which is published and the source is accessible), today.

    I love Microsoft, "yesterday's technology, tomorrow".

    --
    An Eye for an Eye will make the whole world blind - Gandhi
  10. Re:So now instead of torturing me... by wertarbyte · · Score: 5, Funny

    But how will women log in?

    Make the variable signed.

    --
    Life is just nature's way of keeping meat fresh.
  11. Re:hard and soft by Kjella · · Score: 5, Insightful

    I never figured out why you can't use the same system as you do with passwords. Password, hash and *drumroll* salt. No, not NaCl, cryptographic salt.

    If compromised, get a new device with a new salt. It is basically like a new identity (you'd have to revalidate with every authentication you had). If the perp just got your salted code, it is worthless. If he got your fingerprint, he still needs to get your new device to get a valid biometric/salt *pair*.

    Now top it off with a PIN, and you have the holy grail. Something you are, something you have, something you know. Use any subset which is enough. In most cases, what you are/have (fingerprint/salt) should be enough. It'd certainly raise the bar another notch or two.

    Kjella

    --
    Live today, because you never know what tomorrow brings
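
Added example, not part of the thread and not any poster's code: a sketch of the salted-credential scheme described in comment 11, showing that a lifted fingerprint without the token fails and that a leaked digest stops working once a new token with a new salt is enrolled. The `Verifier` class and function names are hypothetical, PBKDF2 is this example's choice of hash, and the fingerprint template is assumed to be a stable byte string (real sensors give noisy readings that need error-tolerant matching).

```python
import hashlib
import hmac
import secrets

def new_device_salt() -> bytes:
    # Random salt held on the token; replacing the token means drawing a new one.
    return secrets.token_bytes(16)

def derive_credential(template: bytes, device_salt: bytes, pin: str = "") -> bytes:
    # Are (template) + have (salt) + know (PIN). Assumption: the template is a
    # stable byte string; PBKDF2-HMAC-SHA256 is this example's choice of hash.
    secret = len(template).to_bytes(4, "big") + template + pin.encode()
    return hashlib.pbkdf2_hmac("sha256", secret, device_salt, 100_000)

class Verifier:
    """Hypothetical relying party that stores only the salted digest."""
    def __init__(self):
        self._enrolled = {}

    def enroll(self, user: str, credential: bytes) -> None:
        self._enrolled[user] = credential  # re-enrolling overwrites (revokes) the old one

    def check(self, user: str, credential: bytes) -> bool:
        stored = self._enrolled.get(user)
        return stored is not None and hmac.compare_digest(stored, credential)

def revocation_demo() -> dict:
    template = b"constructed-fingerprint-template"  # constructed sample, not real data
    verifier = Verifier()
    old_salt = new_device_salt()
    old_cred = derive_credential(template, old_salt, "4821")
    verifier.enroll("alice", old_cred)
    results = {"normal_login": verifier.check("alice", old_cred)}
    # Fingerprint lifted from an object, but the attacker has no token salt.
    guess = derive_credential(template, new_device_salt(), "4821")
    results["print_without_token"] = verifier.check("alice", guess)
    # Digest leaked: issue a new token (new salt) and re-enroll.
    new_cred = derive_credential(template, new_device_salt(), "4821")
    verifier.enroll("alice", new_cred)
    results["leaked_digest_after_reissue"] = verifier.check("alice", old_cred)
    results["login_with_new_token"] = verifier.check("alice", new_cred)
    return results

if __name__ == "__main__":
    print(revocation_demo())
```

In this sketch a leaked digest can still be replayed against the verifier until the re-enrollment happens, so the salt buys revocability rather than making the stored value harmless.
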
  12. passwords will never go away by 241comp · · Score: 5, Insightful

    Nope, this won't end passwords. For security, you have the following 3 options: something you have (smart card, signature), something you know (password, passphrase, PIN) and something you are (fingerprint, retina scan). For non-vital information (your hotmail account), choose one. For important information (medical, financial) choose two. For vital information (mission-critical applications, firing mechanisms, creating a will) use all 3.

  13. Re:hard and soft by Badfysh · · Score: 5, Funny

    or find that paper where you've written them all down

    NEVER stick your password post-it on the monitor! It goes under the keyboard...

    --
    I was conned by an old man in a cloak. It turns out those *were* the droids I was looking for.

  14. Reminds me of an old AI story by droleary · · Score: 5, Insightful

    A group of students are working on a neural net project. It comes time to decide what weight to put on the initial connections. One student says, "Set them all to 0 to start." Another student says, "No, that will introduce bias. We should set them all randomly." The smart professor replies, "You'll still have bias, only you won't know what it is."

    So to Mr. Gates I'd like to reply: You'll still have a password, only you won't know what it is. Makes sense from a "security through obscurity" standpoint, though! :-)