Safe password storage and retrieval

Follow
Oops, something didn't work.

Try again?

Sign In to be begin to follow this thread

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.

Getting "follow" information

Stop following this thread

Start following this thread

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.

Removing your "follow"

Setting up your "follow"

Did you know you can
sign up for email notifications?
- Subscribe to this feed

reddit

Tweet

exoteric
Oct 15, 2012 at 4:23 PM
Problem!
Passwords suck; if they're short, they're insecure; if they're long, they're hard to remember; if they're hard to remember one is inclined to write them down thus making them insecure; full circle.
One solution is to use password phrases but they have a poor user-experience; no-one enjoys entering long passwords on a mobile device, or anywhere else for that matter.
Solution?
I imagine a simple device with these properties:
- compact (credit-card sized; fits in wallet)
- independent (does not, cannot and need not connect to another computer to operate)
- does not depend on user memory
- biometrically authenticated (probably thumbprint)
- driven by one or more of: chemical energy (battery), kinetic energy, solar energy
Does such a device (product) exist?
No such security is typically needed but it would be kind of cool to have such a device.
cbae

Oct 15, 2012 at 4:26 PM
exoteric

Oct 15, 2012 at 4:56 PM

Thanks for your invaluable feedback
magicalclick remember the flow

Oct 15, 2012 at 6:27 PM

fingerprint doesn't work on most girls. And it also doesn't work on worker types. And it doesn't work on injured hands.
I personally think password is good because it is independent on external forces such as health conditions and clone DNA and fake fingerprint and etc. password is not physical, thus, is independent of away from physical conditions.
Blue Ink C you

Oct 15, 2012 at 7:17 PM

2 minutes ago, magicalclick wrote
fingerprint doesn't work on most girls. And it also doesn't work on worker types. And it doesn't work on injured hands.
I personally think password is good because it is independent on external forces such as health conditions and clone DNA and fake fingerprint and etc. password is not physical, thus, is independent of away from physical conditions.
+1. Biometrics are convenient, but hardly secure. And the worst is, once your fingerprint is compromised, it stays compromised.
seolondon

Oct 15, 2012 at 8:01 PM

So what do you think would be the best solution for password retrieval?
Jsoh :::Windows 8 Style UI :::

Oct 15, 2012 at 8:44 PM

If you were running Windows 8, you could use the new picture password feature.
If you're taking feature requests, I would want something like duress mode, where if you were being coerced into unlocking your account, it would look normal but hide information that you deem sensitive, while maintaining plausible deniability. Something like Rubberhose for windows.
-Josh
elmer I'm on my very last life.

Oct 15, 2012 at 10:50 PM

Duress Mode:
"Mr. Takagi did not see it that way... so he won't be joining us for the rest of his life."
AlanBarber

Oct 16, 2012 at 5:46 AM

@exoteric: You mean something like the RSA SecurID key fobs?
http://www.emc.com/security/rsa-securid.htm
spivonious

Oct 16, 2012 at 6:45 AM

I like the card idea, but as pointed out above, fingerprints only work in the right circumstances.
Maybe voice recognition + RSA keyfob? I don't know if that tech is good enough yet.
Harlequin http://twitter.com/TrueHarlequin

Oct 16, 2012 at 7:16 AM

Is a retina scan still something that is expensive? If you're retina has been compromised the bad guys have your eyeball...so you're probably not worrying about things much anymore.
Dr Herbie Horses for courses

Oct 16, 2012 at 7:31 AM

@Harlequin: Facial recognition? All you'd really need is a webcam and the software ...

Herbie
cbae

Oct 16, 2012 at 7:40 AM

8 minutes ago, Dr Herbie wrote
@Harlequin: Facial recognition? All you'd really need is a webcam and the software ...

Herbie
Or a color printer, cardboard stock, and scissors.
Dr Herbie Horses for courses

Oct 16, 2012 at 7:56 AM

@cbae: Hmm, OK how about 3D facial recognition using a Kinect ...?
Herbie
RobGreenly
Oct 16, 2012 at 7:58 AM
Solution?
I imagine a simple device with these properties:
compact (credit-card sized; fits in wallet)
independent (does not, cannot and need not connect to another computer to operate)
does not depend on user memory
biometrically authenticated (probably thumbprint)
driven by one or more of: chemical energy (battery), kinetic energy, solar energy
Why build such a complicate system? Complicate systems break down easier. Always settle for simple. All you need is to do is prove who you are.
magicalclick remember the flow

Oct 16, 2012 at 8:26 AM

@Dr Herbie:
Wear a mask or get a cheap 3D Printer.
Same with retina, you just setup a kiosk for your service, collect your own retina data from your customers, and use that to 3d print what info you collected, and use it on services other than yours.
Password has no physical attributes and you can easily setup different passwords, you only have one DNA, one retina, one fingerprint, they are bound to be compromised anyou cannot change them. The lack of multiple passwords, lack of reset, ans lack of recovery just turn the system useless.
blowdart Peek-a-boo

Oct 16, 2012 at 10:32 AM

Obligatory
http://xkcd.com/538/
gogonow

Oct 16, 2012 at 10:44 AM

@Dr Herbie: is that even possible ??

Safe password storage and retrieval

What does this mean?

What does this mean?

Add your 2¢