Why your next 'Passw0rd' might not be a password

Discussion in 'privacy technology' started by ronjor, Sep 25, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
  2. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    thanks for the article ronjor as usual

    nonetheless i still think appropriate passphrases are yet your best bet all things considered exspecially since even these new "high tech" authentication methods still have the same weakness ...they can be copied , well except for the behavioral authentication methods with dots in a puzzle that would kinda be like passphrases that would be a nice way to have 2 factor authentication

    reason why you never ever store sensitive passphrases yes i said it phrases not words, in an offline database for example keepass , then theres noone that can simply just hack your passphrases like that, given theres been according privacy countermeasures taken in advance , reason why ive

    moved from online to offline database as mentioned , and your safe , and the real sensitive ones are always recommended to be memorized with some sort of pattern that wouldnt even be able to be cracked from your brain even under torture , depending on where you live and what threat level youre working with and what your private data is worth to you ;)
     
    Last edited: Sep 26, 2012
  3. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    Thanks for the article.
     
  4. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    The weakness with biometrics at least in 2012 is they are too literal. They take the "something you are" to the extreme and most currently do not account for changes in that metric, be it biological or environmental. Because of this they usually are used in conjunction with other authentication controls.

    While just the password may be leaving us, it won't be phased out for a long time to come and not just due to financial reasons. For those in cybersec currently you should be seeing the rise in corporate environments/government agencies/ and financial institutions of two and three factor authentication, be it a password used in conjunction with a smart card loaded with public/private keys, or a password tied to a OTP token sent through another communication tunnel, or even gps coordinates.

    Example to log into site X you need a password, and a mobile phone that receives an sms text with your OTP, additionally you will have to be within your targeted GPS region and or biometric match.

    However you can still argue the user is the weakest link in this case, and that all comes down to what you are trying to protect? Is your linkedin account worth implementing 2-3-4 factor auth? Probably not. Is your financial institution? etc.

    Also keep in mind you could have the most secure password in the world on site x, but reused it several times on site Y and Z which keep their DBS in plaintext or use weak hashing algorithms and your password is simply another addition on a word list.
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    The consumer fingerprint password applications are easily broken. I've seen videos where Silly Putty was used to fool a fingerprint scanner on an HP laptop.
     
Loading...
Thread Status:
Not open for further replies.