Coffeehouse Thread

21 posts

Safe password storage and retrieval

  • exoteric

    Problem!

    Passwords suck; if they're short, they're insecure; if they're long, they're hard to remember; if they're hard to remember one is inclined to write them down thus making them insecure; full circle.

    One solution is to use password phrases but they have a poor user-experience; no-one enjoys entering long passwords on a mobile device, or anywhere else for that matter.

    Solution?

    I imagine a simple device with these properties:

    • compact (credit-card sized; fits in wallet)
    • independent (does not, cannot and need not connect to another computer to operate)
    • does not depend on user memory
    • biometrically authenticated (probably thumbprint)
    • driven by one or more of: chemical energy (battery), kinetic energy, solar energy

    Does such a device (product) exist?

    No such security is typically needed but it would be kind of cool to have such a device.

  • cbae

  • exoteric

    Thanks for your invaluable feedback ;)

  • magicalclick

    Fingerprint doesn't work on most girls. And it also doesn't work on worker types. And it doesn't work on injured hands.

    I personally think password is good because it is independent of external forces such as health conditions, cloned DNA, fake fingerprints, etc. Password is not physical and thus is independent of physical conditions.

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
  • Blue Ink

    magicalclick wrote:

    Fingerprint doesn't work on most girls. And it also doesn't work on worker types. And it doesn't work on injured hands.

    I personally think password is good because it is independent of external forces such as health conditions, cloned DNA, fake fingerprints, etc. Password is not physical and thus is independent of physical conditions.

    +1. Biometrics are convenient, but hardly secure. And the worst is, once your fingerprint is compromised, it stays compromised.

  • seolondon

    So what do you think would be the best solution for password retrieval?

  • JoshRoss

    If you were running Windows 8, you could use the new picture password feature.

    If you're taking feature requests, I would want something like duress mode, where if you were being coerced into unlocking your account, it would look normal but hide information that you deem sensitive, while maintaining plausible deniability. Something like Rubberhose for Windows.

    -Josh

  • elmer

    Duress Mode:

    "Mr. Takagi did not see it that way... so he won't be joining us for the rest of his life."

  • AlanBarber

    @exoteric: You mean something like the RSA SecurID key fobs? 

    http://www.emc.com/security/rsa-securid.htm

     

  • spivonious

    I like the card idea, but as pointed out above, fingerprints only work in the right circumstances.

    Maybe voice recognition + RSA keyfob? I don't know if that tech is good enough yet.

  • Harlequin

    Is a retina scan still something that is expensive? If your retina has been compromised, the bad guys have your eyeball... so you're probably not worrying about things much anymore.

  • Dr Herbie

    @Harlequin: Facial recognition?  All you'd really need is a webcam and the software ...

     

    Herbie

  • cbae

    Dr Herbie wrote:

    @Harlequin: Facial recognition?  All you'd really need is a webcam and the software ...

     

    Herbie

    Or a color printer, cardboard stock, and scissors.

  • Dr Herbie

    @cbae: Hmm, OK how about 3D facial recognition using a Kinect ...?

    Herbie

  • RobGreenly

    Solution?

    I imagine a simple device with these properties:

    • compact (credit-card sized; fits in wallet)
    • independent (does not, cannot and need not connect to another computer to operate)
    • does not depend on user memory
    • biometrically authenticated (probably thumbprint)
    • driven by one or more of: chemical energy (battery), kinetic energy, solar energy

    Why build such a complicated system? Complicated systems break down more easily. Always settle for simple. All you need to do is prove who you are.

  • magicalclick

    @Dr Herbie:

    Wear a mask or get a cheap 3D Printer.

    Same with retina: you just set up a kiosk for your service, collect your own retina data from your customers, use that to 3D print what info you collected, and use it on services other than yours.

    Password has no physical attributes and you can easily set up different passwords. You only have one DNA, one retina, one fingerprint; they are bound to be compromised and you cannot change them. The lack of multiple passwords, lack of reset, and lack of recovery just turn the system useless.

  • blowdart
  • gogonow

    @Dr Herbie: is that even possible ??
