Slashdot Mirror


Why Are We Still Using Passwords? (securityledger.com)

Here's some surprising news from the Akamai Edge conference. chicksdaddy writes: [E]xecutives at some of the U.S.'s leading corporations agreed that the much maligned password won't be abandoned any time soon, even as data breaches and follow-on attacks make passwords more susceptible than ever to abuse, the Security Ledger reports. "We reached the end of needing passwords maybe seven years ago, but we still use them," said Steve Winterfeld, Director of Cybersecurity at clothing retailer Nordstrom. "They're still the primary layer of defense."

"It's hard to kill them," noted Shalini Mayor, who is a Senior Director at Visa Inc. "The question is what to replace them with." This, even though the cost of using passwords is high and getting higher, as sophisticated attacks attempt to compromise legitimate accounts using so-called "credential stuffing" techniques, which use automated password guessing attacks against web-based applications... Stronger and more reliable alternatives to passwords already exist, but the obstacles to using them are often prohibitive. Shalini Mayor said Visa is "looking at" biometric technologies like Apple's TouchID as a tool for making payments securely. Such technologies -- from fingerprint scans to facial and retinal scans -- promise more secure and reliable factors than alphanumeric passwords, the executives agreed. But customers often resist the technologies or find them error-prone or too difficult to use.

3 of 209 comments

  1. because.. by epyT-R · · Score: 4, Informative

    1. They aren't tied to biometrics, which once compromised, aren't easily changed. Plus, many people find it instinctively invasive, possibly because of that reason. In contrast, passwords/x509 are easily changed when compromised or forgotten.

    2. Biometrics work as authenticators but not as authorizers.. Nothing stops someone from duplicating your biometric properties (pic of your fingerprints or irises/face) without your authorization. Not so with a password.

  2. SLASHDOT: FIX YOUR CODE MANGLING!!! by goombah99 · · Score: 4, Informative

    people who post to slashdot from iphones and such get all of their apostrophes turned into å(TM)t â(TM)t

    This is 2017, it's possible to parse plain text and unicode correctly now I have read.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  3. Re:Those... aren't more secure by fahrbot-bot · · Score: 5, Informative

    Biometrics are not more secure than passwords - they're less secure but sufficiently more convenient that you can convince people to use them.

    A fingerprint is more convenient until the moment you get a blister (or some other damage) on your finger(s), then you're locked out. Seems unlikely? When I got a job at the NASA LaRC way, way back, I had to get fingerprinted, but couldn't because I had been working on my car that week and my hands and fingers were all beat up. I had to wait a week for them to clear up enough to get processed.

    --
    It must have been something you assimilated. . . .