Slashdot Mirror

← Back to Stories (view on slashdot.org)

Moving Beyond Passwords For Security

Posted by Soulskill on from the asdf1234 dept.

Naturalist writes with an excerpt from a New York Times story about the need for a more secure method for identification than the password-based system almost everyone currently uses. The article also discusses the weaknesses of the OpenID initiative to simplify the process. "The solution urged by the experts is to abandon passwords -- and to move to a fundamentally different model, one in which humans play little or no part in logging on. Instead, machines have a cryptographically encoded conversation to establish both parties' authenticity, using digital keys that we, as users, have no need to see. ...OpenID offers, at best, a little convenience, and ignores the security vulnerability inherent in the process of typing a password into someone else's Web site. Nevertheless, every few months another brand-name company announces that it has become the newest OpenID signatory."

13 of 235 comments (clear)

  1. the real solution! by Anonymous Coward · · Score: 1, Funny

    isn't it obvious?

    always post as an Anonymous Coward!

    1. Re:the real solution! by Anonymous Coward · · Score: 4, Funny

      We already tried that. It's called 4chan.
      It did not work that well though...

  2. Re:Yes, we know. by ratnerstar · · Score: 5, Funny

    It can work as "something you know," all you have to do is memorize your private key. Kids these days; they want everything to be easy.

    --
    Just because you sold your soul to the devil that needn't make you a teetotaler. --The Devil and Daniel Webster
  3. Speaking of passwords by Anonymous Coward · · Score: 2, Funny

    I like that slashdot hides your password if you accidently type it into a comment.
    Look: **********

    1. Re:Speaking of passwords by YttriumOxide · · Score: 5, Funny

      Surely that can't work... if it hides your ******** whenever you type it, then it would make it really obvious what your ******** is if it's a standard dictionary word when you use it in a sentence. I don't think it masks ********s at all.

      --
      My book about LSD and Self-Discovery
      Also on facebook as: DroppingAcidDaleBewan
    2. Re:Speaking of passwords by my+$anity++0 · · Score: 2, Funny
      12345

      did it work?

    3. Re:Speaking of passwords by Anonymous Coward · · Score: 1, Funny

      you can go hunter2 my hunter2-ing hunter2

  4. totally safe authentication method! by ocularDeathRay · · Score: 5, Funny

    Jean-Luc Picard: Begin auto-destruct sequence, authorization Picard-four-seven-alpha-tango.

    Beverly Crusher: Computer, Commander Beverly Crusher. Confirm auto-destruct sequence, authorization Crusher-two-two-beta-Charlie.

    Worf: Computer, Lieutenant Commander Worf. Confirm auto-destruct sequence. Authorization Worf-three-seven-gamma-echo.

    Computer: Command authorization accepted. Awaiting final code to begin auto-destruct sequence.

    --
    Obama is a twitter sock puppet
    1. Re:totally safe authentication method! by Kidbro · · Score: 2, Funny

      Sheridan: This is Captain John J. Sheridan. Serial number XO7Y39-Alpha. Security code: obsidian.
      Ivanova: This is Commander Susan Ivanova. Serial number Z48M27-Epsilon. Security code: griffin.
      Michael Garibaldi: This is Chief Warrant Officer Michael Garibaldi. Serial number V17L98. Security code: peekaboo.
      . . .
      Ivanova: Peekaboo?
      Garibaldi: Would you have guessed it?

      (linky)

      --
      May we live long and die out
  5. its not that hard by circletimessquare · · Score: 4, Funny

    i have trouble keeping track of all my usernames and passwords like everyone else

    so i put it in passwords.txt in my shared emule folder, so i can access it anywhere in the world ;-)

    smart, huh?

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  6. Re:something you have? by ratnerstar · · Score: 5, Funny

    You can't prove you have the "something you have" as in reality anything can be copied and thus you might just have a copy. Most of the token "things" are really a case of "something (something you have) knows" which isn't much better than "something you know".

    Right?

    Right. Moreover, given a good hacksaw, biometrics can easily move from "something you are" to "something I have."

    --
    Just because you sold your soul to the devil that needn't make you a teetotaler. --The Devil and Daniel Webster
  7. I have you beat by Iamthecheese · · Score: 2, Funny

    I got a tatoo of my private key on the back of my hand!

    --
    If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
  8. Re:Yes, we know. by Anonymous Coward · · Score: 1, Funny

    Pwah! Not my passwords! Not a single one in my INBOX. They're all safely squirrelled away in my 'Password' mail folder. Sorry to rain on your parade.