
Intel and some thieves want to ditch passwords altogether

brownninja97

64 characters!?

I'm guessing you never log out

Nope. I type them at nearly 1200 CPM (240 WPM)


What if a malicious website or software copies the biometric fingerprint... It can access all of your accounts at once

 

Well, if the biometric data is stored on a separate chip (like on the iPhone), then the software has no access to it ;)

 

One problem with fingerprints is that you can't change them.

Mini-Desktop: NCASE M1 Build Log
Mini-Server: M350 Build Log


What I am hearing is that there is no such thing as a safe way to store a passcode/password. Not fingerprint, not NFC/RFID, maybe eyeball? Not for long though. So what is the answer? Cash under the mattress?

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


I WANT THIS!!

Security Analyst & Tech Enthusiast

Ask me anything.


Using applications/services such as KeePass and LastPass combined with 2-factor authentication makes unique password management easy and secure. Biometric passwords are extremely flawed with a false sense of security where the pros do not outweigh the cons.

 

https://twitter.com/SwiftOnSecurity/status/527896101643616257

 

B1N2sqLIUAAfbiv.jpg

You keep using that word. I do not think it means what you think it means.
Users cannot, and will not, securely manage key material. Most users can't, and the ones that can, won't.

Ask me about Bitcoin, Litecoin, Crypto-Currencies, and/or Mining them.


After the Mythbusters episode where they tested the security of finger print readers, I don't trust them at all. I would prefer to see a retinal scanner perhaps? I think that would be more secure and harder to fake.

Are you talking a cheapo phone fingerscanner like one on iPhone or galaxy?


This shit won't work for me, I've pretty much burnt off my finger prints on both index fingers (a shit ton of chemical, and heat burns at work). 

Intel pls

i5 4670K | ASUS Z87 Gryphon | EVGA GTX 780 Classified | Kingston HyperX black 16GB |  Kingston HyperX 3K 120GB SSD | Seagate Barracude 3TB - RAID 1 | Silverstone Strider Plus 750W 80Plus Silver | CoolerMaster Hyper 212X | Fractal Design Define Mini 
 


Fingerprint scanners are a horrible, horrible idea.

 

Benefits:

  • Don't have to remember your password. For some this is huge and for some it's not a big deal at all.
     
  • Can't be brute forced.

 

Drawbacks:

  • Can never be changed. Did the thief somehow get your password? Then you are fucked for life unless you transplant a new finger.
     
  • Same password everywhere. With all the security breaches going on you'd think that people would realize having the same password everywhere is a bad idea. Did Target's database get compromised again? Oh, all other accounts are compromised as well.
     
  • You are literally leaving your password on everything you touch. You know how having your password written down at your computer is a bad idea? Now imagine writing down your password on every single thing you touch... Couple that with the fact that it's really easy to fool and it's a disaster waiting to happen.
     
  • Your friend wants to borrow your account for something? Sorry but he will have to give you his thumb as well.
     
  • The recent ruling that finger prints are not protected by the fifth amendment. "Anything you say or do may be used against you in a court of law" really means ANYTHING.
     
  • Can't be used by children (when your fingers grow, your finger print changes). Imagine making an account when you're 10 and then it tells you that you're not the real owner when you're 14.
     
  • When you die with a normal password, the password is lost with you. Your fingerprints stay around for a long time after you are dead.

Biometrics covers so much other than just a fingerprint. Eye scans, though inconvenient, are a great way to secure things. Also, I believe a heartbeat is unique to each person. They might be able to use that. On the extreme end are blood matching type technologies. I hope we never get that far for personal home computing lol.


I usually have 3 different passwords in use at any given time, but I've had maybe 25 total.

In case the moderators do not ban me as requested, this is a notice that I have left and am not coming back.


Yeah, lots of very valid points here, but there's one thing that really struck me: if you start having to use your fingerprint for everything, then anybody who gets your fingerprints can log into ALL your stuff FOREVER. The advantage only comes if you use the fingerprint AND something else, and even then it's still not any more secure than other two-factor identification. For example, with Google (and apparently other sites can even just join Google's authentication service since it works on Dropbox too) somebody would need to find out my password AND steal my phone, then break into my phone before I deactivate it. Even if stealing my phone were easier than my finger print (even though my fingerprints are all ON my phone...) once somebody got it I couldn't do a thing to change it and from then on I'm basically just back to passwords.

Besides, let's not forget the veritable goldmine of fingerprints the police have collected. Everybody recommends that whole "Use different passwords on every account and change them regularly", but there's not really a way to do that with fingerprints, and even if you use a different one for as many places as you can, if somebody were to breach the police database (not that I claim to know how easy that would be, or even what form it's actually in) they would get ALL of your fingerprints for EVERYBODY who's been arrested. Not exactly everybody in the country (nor do I know how it is outside the US), but it's a substantial amount and it would be ALL of their accounts even going forward and they'd have no way to stop it.


The only passwords I have that are different are the ones that are old and I never bother changing them.

Or in my case, depending on if what I'm using is social media, email, gaming or college based depends on what password I will use.

Current Build : 

 
CASE: Fractal Design R4 w/Window CPU: Intel 4930K,  RAM: 16GB Ripjaws Z 2133Mhz  Cooling: H100i  MotherBoard: Asus P9x79 Pro , PSU: CS750M   Storage: 2x Samsung 840 Pro 256Gb , 1Tb Seagate Barracuda, 500GB WD Black,  Graphics: Gigabyte GTX 780 Windforce 3GB,  Monitors: AOC G2460PG ( G sync monitor), Edge10 24" 1080p , 24" 1680*1020p monitor ( LCD)  Microphone: Blue Yeti  Keyboard: Cougar 700k  Phone: Samsung Note 3  Headphones: Sennheiser HD598

Laptop:

 CPU: 
4710MQ  Ram: 8GB 1600MHz Storage:120Gb 840 Evo + 1Tb 5400Rpm HDD  Graphics: GTX 850M 2GB   Screen: 1080p IPS  

The easiest way to make an unbeatable password is to use a simple word, even 4 characters and hash it. There are hash apps even for your phone, so you can use one PW that you can remember and then use hashes. That way you need to remember just 5 chars and what hash you used.

 

Also, if somebody thinks that having a 10 char long PW, but having numbers, alphabet and special characters in it, is safer than having a 20 char long PW with only alphabet (even some quote you can remember), then you're wrong.

 

The longer the PW, the better. Basically something like: "mypenisissobigthaticanthavesex" is better than "aki_1a69_ND".

Why? Cos if somebody tries to use brute force, he has to try all combinations unless he knows you use only alphabet, but even then, longer PW has MUUUUCH more combinations.

Long PW is 254,186,582,832,900,000,000,000,000,000,000,000,000 combinations when using only lowercase letters in brute force! And the shorter one has 56,880,009,227,646,000,000,000,000,000,000,000 combinations with upper case, lower case, numbers and special characters in the brute force test. That's much less than the longer only alphabet PW, that would have XYZ more combinations when I add there upper case, numbers and special characters to compute the possible combinations.

 

Anyway, as was already told here, MythBusters busted a biometric sensor with a latex fingerprint, a ballistic gel fingerprint and WAIT FOR IT .... a fingerprint printed on paper!

 

 

password_strength.png

the point to your image, if you don't use symbols and number and caps all in your password you might as well not have one at all..


I despise fingerprint scanning, it is the shittiest technology. I had a scanner on an old notebook of mine and it barely registered a swipe.

 

maybe when they improve the technology, then yes, but not now

CPU: i7 2600 @ 4.2GHz  COOLING: NZXT Kraken X31 RAM: 4x2GB Corsair XMS3 @ 1600MHz MOBO: Gigabyte Z68-UD3-XP GPU: XFX R9 280X Double Dissipation SSD #1: 120GB OCZ Vertex 2  SSD #2: 240GB Corsair Force 3 HDD #1: 1TB Seagate Barracuda 7200RPM PSU: Silverstone Strider Plus 600W CASE: NZXT H230
CPU: Intel Core 2 Quad Q9550 @ 2.83GHz COOLING: Cooler Master Eclipse RAM: 4x1GB Corsair XMS2 @ 800MHz MOBO: XFX nForce 780i 3-Way SLi GPU: 2x ASUS GTX 560 DirectCU in SLi HDD #1: 1TB Seagate Barracuda 7200RPM PSU: TBA CASE: Antec 300

  • 2 weeks later...

the point to your image, if you don't use symbols and number and caps all in your password you might as well not have one at all..

Nope, the point is, a longer password that's easier to remember is still harder to brute force than a shorter password with upper & lower case, special symbols and numbers.

As you can see, I added there the amount of possible combinations to two passwords. The longer one without fancy stuff had still more combinations than the shorter one, and it's only when you put lower case letters to it. But when somebody doesn't know if you are using upper case, special characters or numbers. Man, the combinations grow exponentially.

 

So, again:

 

mypenisissobigthaticanthavesex -> 254,186,582,832,900,000,000,000,000,000,000,000,000 combinations (if you select only lower case letters for bruteforce)

aki_1a69_ND -> 56,880,009,227,646,000,000,000,000,000,000,000 combinations (if you select lower case, upper case, special characters and letters for brute force)

 

I think that sums it up pretty nicely.

 

If you really want an unbreakable password for really important stuff, then use something like

OmgImSoHot -> sha256 -> password. But you won't be able to remember it :D But it's the best way of making really hard passwords. Short easy to remember phrase, hash it and use the hash of that phrase as password.

 

MD5 -> ef87a32e44e818ff0b24451b01dbe5d6 (ok)

SHA1 -> 725ccbb9123b2d72fe5f0a0dc25d5d0202dbff77 (ok)

SHA256 -> 29c8f5826e16d0c5aa3d608502da72e3cafdb138b00dccf2b4fdfe97e68a3f80 (if you really want to secure something, then here ya go)

SHA384 -> 56ed8bde919600ab2244b5701294ed35e9bf77e7557f1af68991d82b74ff3cb4ccfd5e3070618e06d214861642b668a3 (not practical, at all)

SHA512 -> b0f5f94c28bb1946e224c1436735b76944861cd456622249404b85598d4e8ee8632f6e797aae33c3e31330d8bbfd25eda526f2d4937cdd5508ba8a9ee8e022ae (just ridiculous)
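
An added example, not part of any post in this thread: a small password-audit sketch in Python that scores the two passwords compared above by length and character classes, then checks whether a password is just a hex digest of a known phrase, as in the hash-a-short-phrase scheme. The wordlist is constructed for illustration and the function names are this example's own.

```python
import hashlib
import math
import string

# Constructed stand-in for a real dictionary; entries are illustrative only.
SAMPLE_WORDLIST = ["password", "letmein", "OmgImSoHot", "dragon", "qwerty"]
DIGESTS = ("md5", "sha1", "sha256", "sha384", "sha512")

CLASSES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
)

def apparent_bits(password):
    """Upper bound: assumes each character was drawn uniformly at random
    from every character class that appears in the password."""
    alphabet = sum(size for chars, size in CLASSES
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def derive(phrase, algo):
    """The scheme from the thread: use the hex digest as the password."""
    return hashlib.new(algo, phrase.encode("utf-8")).hexdigest()

def audit(password, wordlist=SAMPLE_WORDLIST):
    """Report apparent strength, and the effective strength when the
    password turns out to be a digest of a listed phrase."""
    bits = apparent_bits(password)
    report = {"apparent_bits": bits, "derived_from": None,
              "effective_bits": bits}
    for phrase in wordlist:
        for algo in DIGESTS:
            if derive(phrase, algo) == password.lower():
                # Search space is phrases x digest choices, not hex strings.
                report["derived_from"] = (phrase, algo)
                report["effective_bits"] = math.log2(
                    len(wordlist) * len(DIGESTS))
                return report
    return report

if __name__ == "__main__":
    for pw in ("mypenisissobigthaticanthavesex", "aki_1a69_ND",
               derive("OmgImSoHot", "sha256")):
        print(pw[:16], audit(pw))
```

The digest looks like a 64-character random string to a length-and-charset meter, but its effective strength is bounded by the number of candidate phrases times the number of digest choices, because the hash function itself is public.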
