Slashdot Mirror


Moving Beyond Passwords For Security

Naturalist writes with an excerpt from a New York Times story about the need for a more secure method for identification than the password-based system almost everyone currently uses. The article also discusses the weaknesses of the OpenID initiative to simplify the process. "The solution urged by the experts is to abandon passwords -- and to move to a fundamentally different model, one in which humans play little or no part in logging on. Instead, machines have a cryptographically encoded conversation to establish both parties' authenticity, using digital keys that we, as users, have no need to see. ...OpenID offers, at best, a little convenience, and ignores the security vulnerability inherent in the process of typing a password into someone else's Web site. Nevertheless, every few months another brand-name company announces that it has become the newest OpenID signatory."

6 of 235 comments

  1. Re:Yes, we know. by ratnerstar · Score: 5, Funny

    It can work as "something you know," all you have to do is memorize your private key. Kids these days; they want everything to be easy.

    --
    Just because you sold your soul to the devil that needn't make you a teetotaler. --The Devil and Daniel Webster
  2. Re:Speaking of passwords by YttriumOxide · Score: 5, Funny

    Surely that can't work... if it hides your ******** whenever you type it, then it would make it really obvious what your ******** is if it's a standard dictionary word when you use it in a sentence. I don't think it masks ********s at all.

    --
    My book about LSD and Self-Discovery
    Also on facebook as: DroppingAcidDaleBewan
  3. totally safe authentication method! by ocularDeathRay · Score: 5, Funny

    Jean-Luc Picard: Begin auto-destruct sequence, authorization Picard-four-seven-alpha-tango.

    Beverly Crusher: Computer, Commander Beverly Crusher. Confirm auto-destruct sequence, authorization Crusher-two-two-beta-Charlie.

    Worf: Computer, Lieutenant Commander Worf. Confirm auto-destruct sequence. Authorization Worf-three-seven-gamma-echo.

    Computer: Command authorization accepted. Awaiting final code to begin auto-destruct sequence.

    --
    Obama is a twitter sock puppet
  4. it's not that hard by circletimessquare · Score: 4, Funny

    i have trouble keeping track of all my usernames and passwords like everyone else

    so i put it in passwords.txt in my shared emule folder, so i can access it anywhere in the world ;-)

    smart, huh?

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  5. Re:the real solution! by Anonymous Coward · Score: 4, Funny

    We already tried that. It's called 4chan.
    It did not work that well though...

  6. Re:something you have? by ratnerstar · Score: 5, Funny

    You can't prove you have the "something you have" as in reality anything can be copied and thus you might just have a copy. Most of the token "things" are really a case of "something (something you have) knows" which isn't much better than "something you know".

    Right?

    Right. Moreover, given a good hacksaw, biometrics can easily move from "something you are" to "something I have."

    --
    Just because you sold your soul to the devil that needn't make you a teetotaler. --The Devil and Daniel Webster