Coffeehouse Thread

21 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Safe password storage and retrieval

Back to Forum: Coffeehouse
  • User profile image
    exoteric

    Problem!

    Passwords suck; if they're short, they're insecure; if they're long, they're hard to remember; if they're hard to remember one is inclined to write them down thus making them insecure; full circle.

    One solution is to use password phrases but they have a poor user-experience; no-one enjoys entering long passwords on a mobile device, or anywhere else for that matter.

    Solution?

    I imagine a simple device with these properties:

    • compact (credit-card sized; fits in wallet)
    • independent (does not, cannot and need not connect to another computer to operate)
    • does not depend on user memory
    • biometrically authenticated (probably thumbprint)
    • driven by one or more of: chemical energy (battery), kinetic energy, solar energy

    Does such a device (product) exist?

    No such security is typically needed but it would be kind of cool to have such a device.

  • User profile image
    cbae

  • User profile image
    exoteric

    Thanks for your invaluable feedback Wink

  • User profile image
    magicalclick

    fingerprint doesn't work on most girls. And it also doesn't work on worker types. And it doesn't work on injured hands.

    I personally think password is good because it is independent on external forces such as health conditions and clone DNA and fake fingerprint and etc. password is not physical, thus, is independent of away from physical conditions.

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
    Last modified
  • User profile image
    Blue Ink

    , magicalclick wrote

    fingerprint doesn't work on most girls. And it also doesn't work on worker types. And it doesn't work on injured hands.

    I personally think password is good because it is independent on external forces such as health conditions and clone DNA and fake fingerprint and etc. password is not physical, thus, is independent of away from physical conditions.

    +1. Biometrics are convenient, but hardly secure. And the worst is, once your fingerprint is compromised, it stays compromised.

  • User profile image
    seolondon

    So what do you think would be the best solution for password retrieval?

  • User profile image
    JoshRoss

    If you were running Windows 8, you could use the new picture password feature.

    If you're taking feature requests, I would want something like duress mode, where if you were being coerced into unlocking your account, it would look normal but hide information that you deem sensitive, while maintaining plausible deniability. Something like Rubberhose for windows.

    -Josh

  • User profile image
    elmer

    Duress Mode:

    "Mr. Takagi did not see it that way... so he won't be joining us for the rest of his life."

  • User profile image
    AlanBarber

    @exoteric: You mean something like the RSA SecurID key fobs? 

    http://www.emc.com/security/rsa-securid.htm

     

  • User profile image
    spivonious

    I like the card idea, but as pointed out above, fingerprints only work in the right circumstances.

    Maybe voice recognition + RSA keyfob? I don't know if that tech is good enough yet.

  • User profile image
    Harlequin

    Is a retina scan still something that is expensive? If you're retina has been compromised the bad guys have your eyeball...so you're probably not worrying about things much anymore.

  • User profile image
    Dr Herbie

    @Harlequin: Facial recognition?  All you'd really need is a webcam and the software ...

     

    Herbie

  • User profile image
    cbae

    , Dr Herbie wrote

    @Harlequin: Facial recognition?  All you'd really need is a webcam and the software ...

     

    Herbie

    Or a color printer, cardboard stock, and scissors.

  • User profile image
    Dr Herbie

    @cbae: Hmm, OK how about 3D facial recognition using a Kinect ...?

    Herbie

  • User profile image
    RobGreenly

    Solution?

    I imagine a simple device with these properties:

    • compact (credit-card sized; fits in wallet)
    • independent (does not, cannot and need not connect to another computer to operate)
    • does not depend on user memory
    • biometrically authenticated (probably thumbprint)
    • driven by one or more of: chemical energy (battery), kinetic energy, solar energy

    Why build such a complicate system? Complicate systems break down easier. Always settle for simple. All you need is to do is prove who you are.

  • User profile image
    magicalclick

    @Dr Herbie:

    Wear a mask or get a cheap 3D Printer.

    Same with retina, you just setup a kiosk for your service, collect your own retina data from your customers, and use that to 3d print what info you collected, and use it on services other than yours.

    Password has no physical attributes and you can easily setup different passwords, you only have one DNA, one retina, one fingerprint, they are bound to be compromised anyou cannot change them. The lack of multiple passwords, lack of reset, ans lack of recovery just turn the system useless.

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
    Last modified
  • User profile image
    blowdart
  • User profile image
    gogonow

    @Dr Herbie: is that even possible ??

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.