Products > Security

People should drop passwords altogether

(1/26) > >>

MrMobodies:
I found this news article which I found disturbing.

https://www.gazettelive.co.uk/news/uk-world-news/people-should-drop-passwords-altogether-23867710

--- Quote ---ByMartyn Landi, PA Technology Correspondent Will Maule
02:20, 5 MAY 2022

The public and businesses need to “drop passwords altogether” and move to other technology to protect personal information from hackers, a cybersecurity expert has said.

Marking World Password Day on Thursday, Grahame Williams, identity and access management director at defence firm Thales, said passwords were “becoming increasingly insecure” and “easily hacked”. He called on the industry to move to other forms of log-in, such as multi-factor authentication (MFA) – where users must provide an additional layer of identification to log in – or biometrics, such as face or fingerprint scans, to improve the general safety of personal data.

Mr Williams said a key issue was the widespread use of simple and easy-to-guess passwords. Data shows that common and obvious phrases such as “password” and “qwerty” – in reference to the common computer keyboard layout – are often among the most used passwords globally.

Now I can understand if they say there is a need to increase security and some services may require thumb or eyescan and a memoriable password but not ONE solution alone.

Experts advise people who are creating a password to use a collection of three unique, random words and not to reuse them across multiple accounts. But Mr Williams said where possible, platforms should introduce other ways for people to log in and users should strive to use them.

“Whereas passwords are really easy to guess, actually being able to use something which is unique to you – like your face or fingerprint – is obviously the logical step for us to take,” he said. “We would recommend that everyone – whether consumer or private – to start utilising these technologies.

“Our standpoint on this is there’s no reason why you should have to still use passwords and we should all be looking to really push forward.”
--- End quote ---


It sounds like an excuse, just because some may not be using reliable passwords they all need to drop it completely. I thought there were strict requirements with many sites when creating accounts and this 123456 or qwerty nonsense was stopped years ago. Isn't that the websites fault though for not enforcing restrictions to prevent easy to guess passwords?

I am not happy using parts of my body as the only form of a password and verifcation that I can't change that everybody can see and trace and get hold off in plain sight.

I think there should be passwords as well as biometrical stuff for some security stuff because a criminal is going to have to take longer to persuade a victim further for a memorial phrase than just presenting bits of their skin to a scanner.


--- Quote ---Whereas passwords are really easy to guess, actually being able to use something which is unique to you – like your face or fingerprint – is obviously the logical step for us to take  :bullshit:,”
--- End quote ---


I can see the need for security but I don't know, it sounds to me like they up to something and some bullsh*t might be going on in saying all passwords are insecure. Maybe offloading the responsibility on the identity of the user effectively using them as a password.


What do you think?

nctnico:
I think websites should drop passwords indeed and just send you a link to a website over email or other messaging service. Much more convenient.

TimFox:
Of course, to access my e-mail account I need a password.
Am I the only one here who doesn't keep my phone next to my computer?

jpanhalt:
Agreed.  There was a research article between 2006 and 2011 that concluded simply that passwords are designed to be hard to remember but easy for computers to break.  I've complained many times about the ridiculous requirement for "special characters" as the presence of which is a flag to "this may be a password."  In the real word, most data breaches that I have read about were due to human stupidity, such as inserting a thumb drive to see what was on it.   A simple PIN should suffice.

In my own field, Prof. Ray Bartlett (U Conn) long ago studied sources of errors in clinical laboratory testing.  Such labs are required to run controls and test sample lots of new reagents.  The most common cause of a control failure by far was the test, not the lot of reagent.  Overall,  bad reagents were something like 1/100,000 or less as frequent as human errors.  I suspect the ratio of cracking "passwords" to obtaining such information by stupidity is similar.

Gyro:
I definitely feel more comfortable when an important site sends an sms verification code to my phone. One of the reasons that I don't have a banking app on my phone - I prefer it when there are two devices involved.


--- Quote from: TimFox on May 06, 2022, 07:49:24 pm ---Am I the only one here who doesn't keep my phone next to my computer?

--- End quote ---

Possibly. My phone stays with me.

Navigation

[0] Message Index

[#] Next page

There was an error while thanking
Thanking...
Go to full version