Passwords are Obsolete (Article)

Discussion in 'other security issues & news' started by Rasheed187, Oct 14, 2014.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    OK, so you all think this idea sucks? In short, this system will make it possible to login to sites with a one-time password. So if you want to login, the site will send a password to your mail-account or smart-phone. This way you will never have to make separate passwords for multiple sites.
     
    Last edited: Oct 15, 2014
  3. Maji

    Maji Registered Member

    Joined:
    Apr 26, 2006
    Posts:
    32
    The idea is sound and we have had variations of it in place for some time now (i.e. "forgot my password" functionality and mobile verification for unknown devices during log in, which the articles above mention). Obviously this would limit the damages caused by website breaches since websites would, in theory, no longer store passwords.

    I wonder if a similar concept could be applied to credit/debit cards so that, instead of having to enter a PIN or having a CCV code that is static and can be stolen, there was a temporary PIN or CCV issued at the time of transaction and the only thing present on the card was just the card number and expiration date? I think some credit cards allow you to do something like this already, correct? Where you can use virtual credit card numbers to make purchases online instead of divulging your actual card details? Something like this, but taking it a step further so that if someone steals your card it's worthless and if someone breaks into an eCommerce site or hacks payment terminals, all they would get are card numbers which would be useless by themselves under a scheme like this.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    @ Maji

    To be honest, I do not have any problems with the current "old skool" password system. This new approach is interesting but it also has certain drawbacks. What if for whatever reason you do not have access to your mail-account, or smartphone? You're out of luck then.

    About credit cards, over here in Holland we do not use them that often, we use PIN cards, you can only pay with them if you know the 4 digit pincode (not needed when paying wirelessly up to 50 euro). And when buying stuff online, you get redirected to the website of your bank, you will need your PIN card and hardware token to complete the transaction.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    Cynical ole me has a huge problem with phone or email verification. Mainly the privacy disaster that giving your mobile identity to pretty much anyone represents - less so with email, but also because I think smartphones are insecure and very liable to be stolen or run out of battery - hence denial of service.

    I'm pretty sceptical of biometrics too until practical experience proves otherwise, particularly false negatives locking you out.
     
  7. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    This means if someone gets into your phone or mail they have your password for multiple sites in one hit.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yes, perhaps not such a good idea.
     
  9. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    The only problem with current passwords is, that people do not use them, or do not know how to use them properly. They just create simple hackable passwords.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
Loading...