Logo

**Cristiano** · 06-07-2012, 01:57 PM

The End of the Password as We Know It - Technology - The Atlantic Wire

Rebel Television · 06-07-2012, 02:14 PM

This is why I try to get everyone I know to use a unique password for every site. But it can be impossible to explain why. To most people, salting is something you do to french fries.

**eku Zhong** · 06-07-2012, 02:15 PM

DanielRavenNest · 06-07-2012, 02:15 PM

The article is more about "The End of Password Storage as We Know It", and not passwords themselves.

What we need are things like USB keychains, where you need a physical device in addition to the password to log in. Then stealing the password won't help, cause you need the device in addition.

Lord · 06-07-2012, 02:23 PM

I guess we'll have to graduate to PassSentences next ?

Rebel Television · 06-07-2012, 02:26 PM

Quote:

Originally Posted by DanielRavenNest

The article is more about "The End of Password Storage as We Know It", and not passwords themselves.

What we need are things like USB keychains, where you need a physical device in addition to the password to log in. Then stealing the password won't help, cause you need the device in addition.

Blizzard has been increasingly insistent that people use authenticators when playing their games, and has vehemently claimed that the vast majority of all account compromises are via phishing, keylogging, or other social engineering. There's been increasing amounts of circumstantial evidence mounting up, however, that what's really happening is session spoofing, and the authenticator is starting to look like a red herring.

Sonja Aeghin · 06-07-2012, 02:29 PM

Quote:

Originally Posted by Rebel Television

Blizzard has been increasingly insistent that people use authenticators when playing their games, and has vehemently claimed that the vast majority of all account compromises are via phishing, keylogging, or other social engineering. There's been increasing amounts of circumstantial evidence mounting up, however, that what's really happening is session spoofing, and the authenticator is starting to look like a red herring.

And the authenticator isn't foolproof, either. There have been cases of authenticator-linked accounts getting compromised.

Adeon Writer · 06-07-2012, 02:31 PM

I prefer constantly changing passwords.

at college all the professors carried a device that told them the password for the current 10-second window.

Argent Stonecutter · 06-07-2012, 02:52 PM

SecureID tokens, that's a good business to be in. The tokens are sealed and have a battery that lasted a couple of years, and are disabled well before that... so you have to get another one on a regular basis. From RSA. The security argument is reasonable, but I still think it's mostly about recurring revenue.

**Brenda Archer** · 06-07-2012, 02:56 PM

In my ideal world sites with large numbers of users, and therefore large numbers of users who don't know how to protect themselves on the internet, would make easily available a good explanation of all the necessary basics to protect yourself online. These tutorials should be written at a VERY basic level in 5th grade English.

Part of discouraging the problem is reducing the supply.

bladyblue · 06-07-2012, 04:35 PM

We are going to have to use bluetooth eye scanners just to check our e-mail.

**Void** · 06-07-2012, 05:33 PM

Quote:

Originally Posted by Rebel Television

This is why I try to get everyone I know to use a unique password for every site. But it can be impossible to explain why. To most people, salting is something you do to french fries.

I dunno why... should be really simple.

give password to e-mail service, some employee steals password and looks at your e-mail... they now have your password an probably a bunch of sites you log into... if you used the same password for all of them, you've handed them every site linked to your account.

it'd be like having one key made for your house, your office, your bank, and your car, and then giving a copy of the key to your landlord, your manager, the credit card company, and your car insurance agent... some asshole making a copy of any one of them now has access to everything you have. even if you figure out which one got the key stolen/copied from it, you have to change them all, and anything could be lost.

Alexi Reggiane · 06-08-2012, 02:14 AM

At my place of employment we have fingerprint readers to log into computers. My laptop has a fingerprint reader on it. Seems like this might be a good way to go. I don't like using the same passwords for different logins but I am constantly forgetting them to sites i don't go to often. Let me just swipe my forefinger instead.

bladyblue · 06-08-2012, 03:17 AM

Quote:

Originally Posted by Alexi Reggiane

At my place of employment we have fingerprint readers to log into computers. My laptop has a fingerprint reader on it. Seems like this might be a good way to go.

This is how you guys probably have top secret discussions:

The End of The Password-imageuploadedbytapatalk1339143466.367968.jpg

**Void** · 06-08-2012, 04:46 AM

Quote:

Originally Posted by Alexi Reggiane

At my place of employment we have fingerprint readers to log into computers. My laptop has a fingerprint reader on it. Seems like this might be a good way to go. I don't like using the same passwords for different logins but I am constantly forgetting them to sites i don't go to often. Let me just swipe my forefinger instead.

I really hope those aren't commercial grade print scanners.... those things are crap.

**Robert Jung** · 06-08-2012, 05:36 AM

Can you guys keep a secret?

I use my name for my password ---- but I put the middle name first, the last 2nd and the first last.

Nobody will ever figure that out.

;-)

Lil Hapmouche · 06-08-2012, 05:56 AM

Quote:

Originally Posted by Alexi Reggiane

At my place of employment we have fingerprint readers to log into computers. My laptop has a fingerprint reader on it.

Does it recognize the fingerprint of a single finger or does it store the data for each one with its minor differences?

If it's a single finger, you're pretty much screwed if you find your "sensor finger" covered in a thick band-aid one day and the reader stubbornly refusing to recognize any of your other unhurt fingers.
Been there, cursed and bitched at that...

Ann Otoole · 06-08-2012, 06:18 AM

fingerprint readers fuck up. then you have lost all data.

Argent Stonecutter · 06-08-2012, 06:33 AM

Quote:

Originally Posted by Alexi Reggiane

At my place of employment we have fingerprint readers to log into computers. My laptop has a fingerprint reader on it. Seems like this might be a good way to go. I don't like using the same passwords for different logins but I am constantly forgetting them to sites i don't go to often. Let me just swipe my forefinger instead.

That's _old_ technology. I remember reading about mobile phones with fingerprint readers in them when I was in high school in the '70s. We're just barely catching up with 40 year old popular science magazines.

Evil String · 06-08-2012, 06:38 AM

I'd prefer a fart smell sensor. Mine are unmistakable.
If I couldn't remember my password I would only have to eat some beans instead.

Ann Otoole · 06-08-2012, 06:58 AM

maybe you need to get that nematode issue treated.

Nibb Tardis · 06-08-2012, 08:34 AM

In most cases, you can override fingerprint readers and type your password. They are just a convenience.

But they can be easily spoofed.

MythBusters Fingerprints Busted - YouTube

Lord · 06-08-2012, 08:43 AM

Quote:

Originally Posted by bladyblue

We are going to have to use bluetooth eye scanners just to check our e-mail.

Why is it that people think that a string of code transmitted through the air is safe (even when encrypted)?

Kalel · 06-08-2012, 09:49 AM

Quote:

Originally Posted by Lord

Why is it that people think that a string of code transmitted through the air is safe (even when encrypted)?

Sense of false security we've gotten from having to constantly remember and use Passwords .

if you can't see it and/or don't know it. Then it's secure to their minds...

Ramen Jedburgh · 06-08-2012, 10:46 AM

I have a good system worked out to generate easily remembered unique password for every site.

It is basically [Password slug][Personally important number][site specific keyword]

As example, and no, these are not my passwords... Say, the meaningful number is my address, which hypothetically is 101. The slug here will be Password with a capital letter.

You get
SLU: Password101virtualworld
Twitter: Password101tweeting
Favebook: Password101status

That sort of thing. It also makes them long.

For anything critical (ie dealing with money, ebay, amazon, bank, paypal) They all have their own, entirely unique passwords.

06-07-2012, 02:15 PM	#3 (permalink)
eku Zhong ガンバレ日本 *SLU Supporter* rotisserie compulsive Join Date: Mar 2009 Location: 田舎 Posts: 11,156 My Mood: Bistro Stars Champion! SL Join Date: 9/29/2007 Business: Culprit Client: LL beta	__________________ Culprit Blog * Culprit Store

06-07-2012, 02:52 PM	#9 (permalink)
Argent Stonecutter Emergency Mustelid Join Date: Sep 2009 Posts: 15,371	SecureID tokens, that's a good business to be in. The tokens are sealed and have a battery that lasted a couple of years, and are disabled well before that... so you have to get another one on a regular basis. From RSA. The security argument is reasonable, but I still think it's mostly about recurring revenue. __________________ Argent Stonecutter -- Skyhook Station -- Coonspiracy Store "And now I'm going to show you something really cool." The previous is a cybernetic datum published - in direct contravention of DoD Regulation #229RR3X3 - as being conducive to the physical, psychological and/or social well-being of the population.

06-07-2012, 04:35 PM	#11 (permalink)
bladyblue And you know that Play the game Join Date: Jul 2007 Location: The Realm of Rygeon Posts: 4,744 My Mood: SL Join Date: February 2005 Business: The Realm of Rygeon Client: Firestorm	We are going to have to use bluetooth eye scanners just to check our e-mail. __________________ I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhauser gate. All those moments will be lost in time... like tears in the rain...Time to die.-Roy Batty

06-08-2012, 05:36 AM	#16 (permalink)
Robert Jung Senior Member *SLU Supporter* needs to edit profile/pics Join Date: Sep 2008 Location: N.E. coast U.S. Posts: 2,952 SL Join Date: Sept 2006 (but not active till 2008) Business: someday, someday ... Blog Entries: 2 Awards: 1	Can you guys keep a secret? I use my name for my password ---- but I put the middle name first, the last 2nd and the first last. Nobody will ever figure that out. ;-) Last edited by Robert Jung; 06-08-2012 at 05:37 AM. Reason: scanability

06-08-2012, 10:46 AM	#25 (permalink)
Ramen Jedburgh Ginger Supremacist Heya ^_^ Join Date: Apr 2010 Location: Illinois, USA Posts: 1,846 My Mood: SL Join Date: 3/9/2006	I have a good system worked out to generate easily remembered unique password for every site. It is basically [Password slug][Personally important number][site specific keyword] As example, and no, these are not my passwords... Say, the meaningful number is my address, which hypothetically is 101. The slug here will be Password with a capital letter. You get SLU: Password101virtualworld Twitter: Password101tweeting Favebook: Password101status That sort of thing. It also makes them long. For anything critical (ie dealing with money, ebay, amazon, bank, paypal) They all have their own, entirely unique passwords. __________________ -- Ramen Jedburgh Abusively Cute ^_^

06-07-2012, 02:14 PM	#2 (permalink)
Rebel Television Les Yeux Sans Visage Embodiment of Scarlet Devil Join Date: Dec 2007 Posts: 1,408	This is why I try to get everyone I know to use a unique password for every site. But it can be impossible to explain why. To most people, salting is something you do to french fries.

06-07-2012, 02:15 PM	#4 (permalink)
DanielRavenNest Senior Member Rocket Science Library - now open! Join Date: Sep 2009 Location: In UR Internetz Posts: 5,097 My Mood: SL Join Date: Jun 27, 2006 Client: 7 of them (I like testing)	The article is more about "The End of Password Storage as We Know It", and not passwords themselves. What we need are things like USB keychains, where you need a physical device in addition to the password to log in. Then stealing the password won't help, cause you need the device in addition.

06-07-2012, 02:23 PM	#5 (permalink)
Lord Abnormally Normal I Don't Really Exist Do I ? Join Date: Aug 2010 Location: Atlanta, GA Posts: 1,220 My Mood: Client: I try all of them, but for everyday use it's Cool VL Viewer.	I guess we'll have to graduate to PassSentences next ?

06-07-2012, 02:31 PM	#8 (permalink)
Adeon Writer Senior Member Join Date: Apr 2010 Posts: 6,081	I prefer constantly changing passwords. at college all the professors carried a device that told them the password for the current 10-second window.

06-07-2012, 02:56 PM	#10 (permalink)
Brenda Archer Tired *SLU Supporter* Watery Join Date: Sep 2007 Location: Portland Posts: 7,314 My Mood: SL Join Date: 4/28/2005 Blog Entries: 4	In my ideal world sites with large numbers of users, and therefore large numbers of users who don't know how to protect themselves on the internet, would make easily available a good explanation of all the necessary basics to protect yourself online. These tutorials should be written at a VERY basic level in 5th grade English. Part of discouraging the problem is reducing the supply.

06-08-2012, 02:14 AM	#13 (permalink)
Alexi Reggiane Senior Member Join Date: Jan 2008 Location: Little Rock Arkansas Posts: 152 My Mood: SL Join Date: Dec. 9, 2008	At my place of employment we have fingerprint readers to log into computers. My laptop has a fingerprint reader on it. Seems like this might be a good way to go. I don't like using the same passwords for different logins but I am constantly forgetting them to sites i don't go to often. Let me just swipe my forefinger instead.

06-08-2012, 06:18 AM	#18 (permalink)
Ann Otoole Senior Member Join Date: Oct 2008 Posts: 16,374	fingerprint readers fuck up. then you have lost all data.

06-08-2012, 06:38 AM	#20 (permalink)
Evil String & the voices in his head . Join Date: Mar 2009 Posts: 1,468	I'd prefer a fart smell sensor. Mine are unmistakable. If I couldn't remember my password I would only have to eat some beans instead.

06-08-2012, 06:58 AM	#21 (permalink)
Ann Otoole Senior Member Join Date: Oct 2008 Posts: 16,374	maybe you need to get that nematode issue treated.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Logo

Site Navigation