In Post Password Era, Passwords are the Problem

Discussion in 'other security issues & news' started by ronjor, Oct 13, 2017.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    162,650
    Location:
    Texas
    October 12, 2017 02:23 by Paul

     
  2. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Obvious surveillance state propaganda.
    The article is using straw man argument to push biometrics which are designed to take control over the possession of authentication away from the user and into the hands of anyone who has physical control of that user.
    If passwords were replaced by biometrics it would have had no effect on the Equifax or the Yahoo breaches because each users data is not protected and or encrypted by an individual users password.
    Everyone needs to be quite clear in that, for example in the Yahoo instance, the users password is only used to authenticate with the server, it is not used to encrypt the data. This is why hackers steal millions of accounts at a time, once they have backdoored the server the accounts are there for the taking.

    In both those instances the accounts could be easily secured.
    Yahoo for example.
    User enters username and password. Browser creates sha-2 hash of them.
    Hash is used as user account name and as encryption key.
    Therefore even on the Yahoo server, accounts would be encrypted and no one, can know whose account any of that data belongs to and therefore have no way to access it without every users username and password.

    The problems across the internet at every level and in every instance is a direct result of the evil intentions of the tech corporations whose primary objective is to coerce the masses into believing they can be trusted with tbeir data and communications so they can spy on it. That is why it will always be open to hackers, if the corporation can have access to everyone's account so can hackers.
    They are all despicable liars, and this article is just more of their propaganda.
     
    Last edited: Oct 13, 2017
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I still think 2FA is the best solution. But it shouldn't only work with smartphones, you should be able to use all type of devices, like the desktop/laptop itself. This is handy for people who only use a couple of devices for stuff like online banking and email.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.