Cisco switches to weaker hashing scheme, passwords cracked wide open

Discussion in 'other security issues & news' started by ronjor, Mar 20, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    http://arstechnica.com/security/201...r-hashing-scheme-passwords-cracked-wide-open/
     
  2. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Eventually we're going to have to find something better than passwords. Forget length and randomness, the human element involved is the problem. Biometrics and face recognition is fine (but also extremely fallible) for physical location security, but not for website log-ins.

    One effective, but rather inefficient method would be to provide customers with physical authenticators such as Blizzard uses for its games. Currently you still use a password to log in, but it also requires you to insert a six-digit number given to you by the physical authenticator device sent to you by Blizzard. The code is valid only one time, after which you press a button and get a new code for the next log in. If you lose it, the company can simply deactivate it by serial number. However, the downside is that for it to be a reasonable suggestion, every company you have an account with would need to participate in and offer such a program. This leads to lots of money spent by companies having the device made and shipped, and of course money spent by customers purchasing the devices (Blizzard charges 7 dollars itself).

    Another problem would be the obvious issue of bad folk getting their hands on the devices and doing their thing
     
Loading...
Thread Status:
Not open for further replies.