This thread is permanently archived
How to Eliminate the World's Need for Passwords

| The FIDO Alliance, whose board members include Amazon, Google, PayPal, RSA, Apple and Microsoft (as well as Intel and Arm), has finally identified "the missing piece of the puzzle" for achieving large-scale adoption of passwordless technology.


| Instead of having you input a password, the passwordless FIDO standard relies on having you input a PIN.

The main concept that FIDO believes will ultimately solve the issue is for operating systems to implement a "FIDO credential" manager, or a password manager if you may, which Apple says is its "contribution to a post-password world...."

https://media.fidoalliance.org/wp-content/uploads/2022/03/How-FIDO-Addresses-a-Full-Range-of-Use-Cases.pdf


| ...isn't a pin just a password?


| >>842832
Yeah LOL


| what


| >>842832 Maybe it's a password that is constantly changing


| atm, fairly happy i don't rely on the mentioned members as clearly their incompitant and whenever this gets implemented it'll probably be mandatory and frustration would follow


| >>842880 can't we just have a password that would be powered by randomly generated passwords? No one can hack into an account when the password changes itself all the time


| >>842934
you're incompitant


| >>842947 I think this is kinda that


| >>842880 still a password..


| We should use a government card that has a button you press that shows your info and a 20 digit code. The code would be a one use expires in milliseconds thing, and the private key would be stored in a shielded board within the card. The government card would be solar+solid state capacitor powered

It would have to use some crazy stupid encryption that even a quantum computer would take time to crack

Also, no backwards compatibility. That's how things get hacked.



| >>843041 government card is pretty bad idea
The concept is OK, but it would be better if specified private companies did it


| >>843041 also you will need to replace them once per time, you can lose it anytime, you will need to change it, for example like card from bank


| >>843041 bank identity can make sense, but it's wrong, because governments could regulate the internet afterwards. OpenID is in general the most secure way to log in when you are the only one who has access to the main account


| >>843053 having some companies do it is no better from that perspective because then those companies plus governments can. We just need servers to implement good policies and for more people to use whatever kind of password manager works for them


| >which Apple says is its "contribution to a post-password world...."
Listen, I don't trust an intercorp with what they think about security (and especially not privacy), so I may be biased. But a "post-password world"? For what, so that big corps can ask one centralized server what our passwords are and enter any of our accounts?

This sounds like a horrible idea, I hope it never takes off. Passwords are private enough.


| >>843301 yes, but companies care about money, not things like "national security" or "ideology". Login over Google account is honestly better than under real name under monitoring of the Chinese government


| >>844019
Yup, pretty much everyone who wants to supplant passwords wants to be the universal gatekeeper for whatever password replacement they're currently peddling. This leads to even more privacy issues plus single-point denial of service issues.


| To paraphrase Churchill, "passwords are the worst authentication mechanism, except for all the others". There's a great paper by Herley and van Oorschot on the capabilities required of a mechanism that will be able to successfully supplant passwords. Turns out there's only one single mechanism that does all that: Passwords. There's a reason why they've stuck around forever, and why pretty much every attempt to replace them has failed.


| A password protection class might be nice in high school. For students and teachers


| If a for-profit business is talking to you about security, privacy, or anything else that would benefit the end user, expect them to be lying.


| >>845394
Blanket cynicism is savant-tier idiocy. Fuck off with that bullshit.


| >>844110
>yes, but companies care about money, not things like "national security" or "ideology"
If the nation secures the ideology of increasing profit, then companies care much about "national security" and "ideology" :-P


| >>844110
Oh, and of course it also works the other way around:
If a nation or ideology threatens the companies' money then they care about it too. For example if their business concept is about bending or even breaking the law - which is surprisingly common in today's tech industry. Innovation my ass. E.g. Microsoft never sold good software and Apple never made money with selling hardware. They are all monopolistic patent and service provider trolls.


| >>848572 >>848573 I just mean that collected data will be used for commercial purposes and not for things like investigation, justice etc. Companies don't restrict personal rights for the public good and so on


| >>848925 they'll cooperate with states because they don't want to be shut down or even arrested, plus companies can definitely do dangerous or repressive stuff on their own initiative, if there's money in it. Their interest is money, not people's rights

Total number of posts: 27, last modified on: Sat Jan 1 00:00:00 1648817916
