• CarbonScored [any]@hexbear.net · 7 points · 1 year ago (edited)

    Every ‘passwordless’ solution to passwords always ends up being the informational equivalent of ‘passwords, but the method is changed’. Biometrics are just a once-in-a-lifetime password that’s entered differently, password managers are just all your passwords, but behind one big password.

    Even 2FA is just “password you know” and “password your device knows”.

    Not saying these solutions don’t have value, but to say passwords are outdated is a bit silly.

    • WayeeCool [comrade/them]@hexbear.net · 1 point · 1 year ago (edited)

      USB/NFC hardware keys are pretty good, though; they are just the current form of smartcard hardware keys that have been around since the late 1990s for high security environments. If you worked for certain federal agencies or private sector companies, you might have used them. They are old technology at this point that has more recently been introduced into the consumer space as platforms and companies face backlash for constantly having security breaches.

  • nat_turner_overdrive [he/him]@hexbear.net · 5 points · 1 year ago

    Guy who thinks passwords are outdated, setting a new password for his bank app: Hmm, how about Christmas123!, just like all my other logins so I don’t have to worry about forgetting it!

    • zifnab25 [he/him, any]@hexbear.net · 1 point · 1 year ago

      A fundamental problem with passwords is that you either have a “secure” selection of large, distinct, constantly rotating codes that you have to keep track of on paper/in an app (insecure!) or a single memorable code that - once it is cracked - exposes all affiliated systems (insecure!).

      There’s a serious argument to the effect that a physical ID tied to a digitally managed rotating set of large arcane codes is at least as secure as the paper/app-based list of hard codes. The big problem with this technology is that it requires a more complex hardware interface with more attendant IT support. So you’re talking about $$$ that people don’t want to spend for additional technical security.

      Two-factor authentication is cheaper and easier than biometrics. So we’ve settled on that instead.

  • Wertheimer [any]@hexbear.net · 4 points · 1 year ago

    I was talking to a schoolteacher the other day who was getting re-fingerprinted for the Nth time. Their last fingerprinting was two years ago. Same job, same county, etc. Everyone was justifying it because of “privacy.” But, like, it’s all going to the same database, where the same people have access. Are they destroying the records every two years (doubt), or did the authorities just forget their own passwords?

    • 7bicycles [he/him]@hexbear.net · 3 points · 1 year ago

      If you get into the reaaaaaaaaaaaal nitty gritty of security regarding biometric factors shit turns real weird eventually. Like “How do we know that fingerprint is still attached to a living person?” type stuff.

      I’d be sure as hell this isn’t what happened here, just sort of a fun fact. Also why I think thinking of biometric factors as safe is fucking insane, exactly because they’re fairly immutable. You get one data leak on your fingerprint-security-database and now you can never use that shit again if you’re taking it seriously. And if you don’t expect nation-state-level actors as a threat vector, why the fuck are you taking fingerprints?

      It’s mostly just technologically illiterate people falling for it imo.

      • Frank [he/him, he/him]@hexbear.net · 0 points · 1 year ago

        Mmm.

        I should go print a silicon printer that can make fake fingers based on, idk, someone’s favorite ice cream flavor or something. Really hasten the slide into the security abyss.

        Either way, I still use passwords for everything, and every password is unique. Biometrics my right tit, they don’t even have to beat that out of you, they can just cut something off. At least with the password manager it has to either have a vulnerability or they need access to state-level legal muscle to force the people who designed it to open the lock. Plus if one password gets compromised nothing else is unless it’s the master, and even with the master they still need access to the password locker to do anything with it.

        • 7bicycles [he/him]@hexbear.net · 1 point · 1 year ago

          I should go print a silicon printer that can make fake fingers based on, idk, someone’s favorite ice cream flavor or something. Really hasten the slide into the security abyss.

          Pretty much every time you look into this type of stuff “good print of fingerprint” does the job just fine, you don’t even have to get that fancy with it.

          Biometric security is better understood as a convenience product.

  • save_vs_death [they/them]@hexbear.net · 1 point · 1 year ago

    Passwords are outdated in the sense that the current best practice is to use a password manager that automatically generates a unique high entropy password (read: completely garbled mess no human would ever remember) for every website or service you use. Most of the replacements for them, however, are less secure garbage that can easily be obtained either through social engineering or by the authorities, so you know.

    • envis10n [he/him]@hexbear.net · 2 points · 1 year ago

      Even then, you’re better off with a passphrase as they are longer, easier to remember, and are harder to brute force. It’s like a dictionary resistant password.

      • Clicheguevara [he/him]@hexbear.net · 2 points · 1 year ago

        The absolute best practice is to add random spaces that don’t correspond to syllables. A 10 character password can go from taking a few seconds to crack to several hundred years with a few well-placed spaces.

        That said, there are databases out there that don’t like spaces, and for some reason lots of financial institutions are this way.

      • YearOfTheCommieDesktop [they/them]@hexbear.net · 0 points · 1 year ago (edited)

        Depending on what you mean by passphrase, “dictionary resistant” is kind of the opposite of how I’d describe them. Sure they’ll be long and unique but an English language dictionary will surely make brute-forcing them a lot easier.

        • Frank [he/him, he/him]@hexbear.net · 1 point · 1 year ago

          From what I understand it doesn’t help at all. I’m not a crypto (cool crypto, not fake banking) guy but from what I know passphrases generate much entropy. That said, I stick with passwords that are easier to enter, but still pretty high entropy.
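As an added worked example (not from any poster in this thread), here is the entropy arithmetic behind the passphrase-versus-password argument in the replies above. It assumes a diceware-style list of 7776 words that the attacker also has, 95 printable ASCII characters for a random password, and an assumed offline guessing rate of 1e11 per second; the spaces function quantifies the random-space trick under the assumption that the attacker knows the scheme but not the positions.

```python
import math

# Constructed assumptions for this example (not figures from the thread).
WORDLIST = 7776            # words in a diceware-style list (6 ** 5)
ALPHABET = 95              # printable ASCII symbols for a random password
RATE = 1e11                # assumed offline guesses per second against a fast hash
SEC_PER_YEAR = 365.25 * 24 * 3600


def random_password_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random password drawn from `alphabet` symbols."""
    return length * math.log2(alphabet)


def passphrase_bits(words, wordlist=WORDLIST):
    """Entropy of `words` words picked uniformly from a list the attacker has.
    Knowing the dictionary lets each guess be a whole word instead of a
    character, but with uniform selection it does not shrink the search."""
    return words * math.log2(wordlist)


def spaces_extra_bits(length, spaces):
    """Bits added by placing `spaces` spaces into the `length - 1` gaps of a
    secret, when the attacker knows the scheme but not the chosen gaps."""
    return math.log2(math.comb(length - 1, spaces))


def expected_crack_years(bits, rate=RATE):
    """Expected time to hit the secret: half the keyspace on average."""
    return (2.0 ** bits / 2) / rate / SEC_PER_YEAR


def compare():
    """Entropy and expected crack time for the cases argued about above."""
    rows = {
        "random 10 printable chars": random_password_bits(10),
        "4 diceware words": passphrase_bits(4),
        "6 diceware words": passphrase_bits(6),
        "random 10 chars + 3 random spaces":
            random_password_bits(10) + spaces_extra_bits(10, 3),
    }
    return {name: (round(bits, 1), expected_crack_years(bits))
            for name, bits in rows.items()}


if __name__ == "__main__":
    for name, (bits, years) in compare().items():
        print(f"{name:34s} {bits:6.1f} bits  ~{years:.3g} years at {RATE:.0e} guesses/s")
```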

  • SILLY BEAN@lemmygrad.ml · 1 point · 1 year ago

    Ummm, have they heard of ‘passkeys’? Like that thing that solves all these issues without any biometrics and personal information and can’t be stolen as easily? Like one login on a malicious device, and boom, all your biometric data is now in the hands of the attacker. Physical passkeys? Good luck compromising that lol.

    Also yes, this is obviously so cops can get into your stuff and companies can collect your biometric data.

  • Ericthescruffy [he/him]@hexbear.net · 1 point · 1 year ago

    Passwords are fine with two factor authentication right? Like I have two factor authentication on my phone for pretty much everything either through text or a full on authenticator app.
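An added example, not from any poster here, of what the thread means by a “password your device knows” in an authenticator app: an RFC 6238 TOTP generator plus the server-side check, in plain Python. The secret used is the published RFC 6238 SHA-1 test secret so the codes can be compared with the RFC’s table; the enrollment helper is an assumption about how a fresh secret is shared with the app.

```python
import base64
import hmac
import os
import struct

# Published RFC 4226/6238 test secret (ASCII "12345678901234567890").
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then
    dynamic truncation to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), "sha1").digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step).
    The phone app and the server both run exactly this over the same secret."""
    return hotp(secret, unix_time // step, digits)


def verify(secret: bytes, code: str, unix_time: int,
           step: int = 30, window: int = 1) -> bool:
    """Server-side check tolerating +/- `window` steps of clock drift;
    compare_digest keeps the comparison constant-time."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + skew * step, step), code)
        for skew in range(-window, window + 1)
    )


def enroll() -> tuple:
    """Assumed enrollment helper: a random shared secret and its base32 form
    for the QR code. The server keeps the same bytes, so a leak of its OTP
    secret table hands over the second factor along with any password hashes."""
    secret = os.urandom(20)
    return secret, base64.b32encode(secret).decode()


if __name__ == "__main__":
    import time
    secret, b32 = enroll()
    now = int(time.time())
    print("secret for the app:", b32)
    print("code:", totp(secret, now), "accepted:", verify(secret, totp(secret, now), now))
```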

  • D61 [any]@hexbear.net · 1 point · 1 year ago

    Me just sitting here installing a pin tumbler lock on my computer that I need to turn every time I want to log in to a website