Fingerprinters and Security

[Michael McAllister]

With all of these hacks going on, it's more prudent than ever to make sure that your passwords are strong. Doing so is not always easy, however. If someone guesses the password to your password manager, you're pretty much screwed.

 

If I were Microsoft, Sony, or Amazon, I would strongly suggest or maybe even require that a person use a fingerprint reader as a means of security. It's nearly impossible to remember so many passwords but fingerprints are almost always unique. Why don't these big companies do something similar to what Apple has done? Even take a page out of Blizzard's book and offer authenticators on top of fingerprints.

 

The problem with passwords currently is that they do not require the person trying to access the account to have physical verification. With the authenticator, for example, the randomized code has to match the serial number of the authenticator. The authenticator in this case would not be a phone. The device's sole purpose would be to act as a RNG. While this would not be impossible to hack, it would be an incredible pain in the ass to get around. My Battle.net account got hacked one time. Once I got access back, I immediately bought an authenticator and have had no issues since.

 

The combination of fingerprint and authenticator might be a little bit inconvenient at first, but I think that companies would gain a lot more trust if they went in this direction.

[phillrulz]

im pretty sure i have used my fingerprint to buy something on amazon with my ipad air 2 

[minibois]

Because it's different and new. And most importantly: it is expensive to make it standard.

 

Just be sure to use 2 step verification (preferably on your phone, that only you have access to) whenever possible.

[Michael McAllister]

Because it's different and new. And most importantly: it is expensive to make it standard.

 

Just be sure to use 2 step verification (preferably on your phone, that only you have access to) whenever possible.

 

What if you don't have a mobile phone?

[minibois]

What if you don't have a mobile phone?

Many services offer 2 step verification with mail too ( like Steam).

A lot of people have a smartphone nowadays and I use it myself so it was an easy example I am familiar with

[cesrai]

It's not secure watch mythbusters episode on it you will be shocked.

[Michael McAllister]

Yes, the fingerprint reader they tested wasn't very good.  I'd imagine technology would improve in this area like it does with so many other things.

[SurvivorNVL]

I enjoy two or even three-factor authentication.  I use ridiculously strong passwords, 20 or so characters long and with eight or nine different ones, but always need to have my phone hooked up to things, and maybe in the future a second email(only use a gmail.  hate me, I know D:).  However when it comes to finger prints most of mine seem to have--gone away, so if that becomes a future means of authentication-- crap.  But medications I have taken for years for my chronic inflammatory disease(the meds being the same used in some chemo) have made me actually lose my fingerprints.  I'M NOT REAL D:>

[Michael McAllister]

Even if fingerprinting isn't a feasible solution, there is no reason why Microsoft and other businesses can't offer a $10 authenticator that users can purchase and connect to their accounts. If the hacker has the password but does not have access to the physical authenticator, they're shit out of luck. Again, doing this with a phone seems like a bad idea considering that phones have many uses. A keychain authenticator could easily be concealed under one's clothes.

[Atomika]

I have a password book locked in my safe haha

 

I remember 90% of my passwords and they're all different in most cases.

 

If I need to find the password, I go look in the physical book. More safe than having them in a document or in a password manager.

[cesrai]

Even if fingerprinting isn't a feasible solution, there is no reason why Microsoft and other businesses can't offer a $10 authenticator that users can purchase and connect to their accounts. If the hacker has the password but does not have access to the physical authenticator, they're shit out of luck. Again, doing this with a phone seems like a bad idea considering that phones have many uses. A keychain authenticator could easily be concealed under one's clothes.

Can you elaborate the phone being a bad option ?

[Michael McAllister]

Can you elaborate the phone being a bad option ?

 

Phones are not only expensive but extremely valuable.  People store everything from phone numbers, contacts, banking information, and photos on their mobile devices.  Phones can be tracked relatively easily — every mobile phone has a GPS.  A device that is simply a random number generator would be inherently small and thus easier to conceal under your shirt.  If someone wanted to grab your authenticator, the attempt would have to be obvious.

 

People often place their phones in purses or their pockets.  These are places that can be accessed more inconspicuously under the right circumstances.  How many people are going to try to reach down the front of your sweater?  Chances are that they are not going to do that unless they are complete morons.

[cesrai]

Phones are not only expensive but extremely valuable.  People store everything from phone numbers, contacts, banking information, and photos on their mobile devices.  Phones can be tracked relatively easily — every mobile phone has a GPS.  A device that is simply a random number generator would be inherently small and thus easier to conceal under your shirt.  If someone wanted to grab your authenticator, the attempt would have to be obvious.

 

People often place their phones in purses or their pockets.  These are places that can be accessed more inconspicuously under the right circumstances.  How many people are going to try to reach down the front of your sweater?  Chances are that they are not going to do that unless they are complete morons.

Heard of pocket picking, I don't imagine a hacker that let's say got access to my password and I have 2 step authenticating on, I can't imagine him coming near me and trying to steal my phone, also my phone has a password, seems like it's a long shot if it can happen with my phone it can happen with the key too.

[Sonefiler]

Finger prints are a username, not a password