• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Web Authentication

Joined
Feb 27, 2008
Messages
4,542 (1.20/day)
Likes
3,939
System Name Ironic
Processor Intel 2500k 4.4Ghz
Motherboard ASROCK|Z68 PROFESSIONAL Gen 3
Cooling Corsair H60
Memory 32GB GSkill Ripjaw X 1866
Video Card(s) Sapphire R9 290 Vapor-X 4Gb
Storage Western Digital Caviar Black 2TB SATA 3 (6G/s)
Display(s) 22" Dell Wide/ 22" Acer wide/24" Asus
Case Antec Lanboy Air Black & Blue
Audio Device(s) SB Audigy 7.1
Power Supply Corsair Enthusiast TX750
Mouse Logitech G9x, custom frame
Keyboard Roccat Ryos MK
Software Win 7 Ult 64 bit (with a side of XP64)
#1
Not technically Hardware, as it refers to a new proposed standard, but does require hardware for functionality, and I didn't see a "Security" in software :)

Has anyone looked at this proposal, which basically wants to eliminate passwords in favor of biometrics? I am NOT impressed. The courts already have ruled that you can be required, without a warrant, to unlock devices with biometrics. The main reason my Pix2 doesn't use the fingerprint reader. I've got nothing on it that would even remotely get me in trouble (with the possible exception of my ex-wife, if she saw some of the comments between myself and Mrs. Ahhzz heheh), but I would prefer that if the cops want to see in my phone, they have reasonable reason to do so, and have gone thru the process of law to do it. I understand the court's decision makes it "Legal", and indeed, "the process of law" to access my phone via biometrics, I just disagree. If they legitimately feel that there's something on my phone they want to see, they can get a judge to agree.

I'll stick with my passwords, thanks.
 
Joined
Jul 25, 2006
Messages
4,165 (0.95/day)
Likes
2,763
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 16GB (2 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Microsoft Wireless 5000
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
#2
I think you are focusing on the minor point and not the bigger picture. Everything you say about law enforcement is true. But that is really a minor point in all this. You (assuming you are telling the truth here! ;)) are like the vast majority of the rest of us here - that is, law abiding folks with nothing to hide that would be of interest to law enforcement or the courts.

The much bigger picture is keeping the bad guys out of our stuff. Passwords, even long pass phrases, can more easily be hacked (or stolen!) than your finger print, retina scan, etc.

One of the problems I see with biometrics, however, is they almost always are backed up with an alternative authentication process - one that uses a password! :(
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
15,264 (3.93/day)
Likes
8,894
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K at stock (hits 5 gees+ easily)
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (4 x 4GB Corsair Vengeance DDR3 PC3-12800 C9 1600MHz)
Video Card(s) Zotac GTX 1080 AMP! Extreme Edition
Storage Samsung 850 Pro 256GB | WD Green 4TB
Display(s) BenQ XL2720Z | Asus VG278HE (both 27", 144Hz, 3D Vision 2, 1080p)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair HX 850W v1
Software Windows 10 Pro 64-bit
#3
Couldn't agree more @Ahhzz

I've never liked that the phone can be unlocked while you're asleep, say, with your face or finger. It's like giving someone the key. Having to guess a tough password on a secure system on the other hand, they can go whistle.
 
Joined
Jul 25, 2006
Messages
4,165 (0.95/day)
Likes
2,763
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 16GB (2 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Microsoft Wireless 5000
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
#4
Having to guess a tough password on a secure system on the other hand, they can go whistle.
If they some how got possession of your phone and are trying to manually guess your "tough" password, I agree. But that is not what that proposal is about. It's about "web" authentication.

Bad guys can and do use automated tools to hack passwords. That's a problem.

And "on a secure system"? What's that? Equifax? Yahoo/Verizon? Uber? eBay?
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
15,264 (3.93/day)
Likes
8,894
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K at stock (hits 5 gees+ easily)
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (4 x 4GB Corsair Vengeance DDR3 PC3-12800 C9 1600MHz)
Video Card(s) Zotac GTX 1080 AMP! Extreme Edition
Storage Samsung 850 Pro 256GB | WD Green 4TB
Display(s) BenQ XL2720Z | Asus VG278HE (both 27", 144Hz, 3D Vision 2, 1080p)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair HX 850W v1
Software Windows 10 Pro 64-bit
#5
The OP also talks about his smartphone, so it's in context for that. It also applies to web authentication too though as apps can use a smartphone's biometric features for authentication too.

And yeah, "secure" passwords can be cracked on a non-secure system too when the company running it is sloppy. Nothing's perfect, unfortunately. :ohwell:
 

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
10,730 (4.54/day)
Likes
5,848
Location
Concord, NH
System Name Kratos
Processor Intel Core i7 3930k @ 4.5Ghz
Motherboard ASUS P9X79 Deluxe
Cooling Corsair H100i V2
Memory G.Skill DDR3-2133, 16gb (4x4gb) @ 9-11-10-28-108-1T 1.65v
Video Card(s) MSI AMD Radeon R9 390 GAMING 8GB @ PCI-E 3.0
Storage 2x120Gb SATA3 Corsair Force GT Raid-0, 4x1Tb RAID-5, 1x500GB
Display(s) 1x LG 27UD69P (4k), 2x Dell S2340M (1080p)
Case Antec 1200
Audio Device(s) Onboard Realtek® ALC898 8-Channel High Definition Audio
Power Supply Seasonic 1000-watt 80 PLUS Platinum
Mouse Logitech G602
Keyboard Rosewill RK-9100
Software Ubuntu 18.04
Benchmark Scores Benchmarks aren't everything.
#6
It looks like some people didn't learn their lesson with SAML the first time. :(
 
Joined
Mar 10, 2015
Messages
459 (0.37/day)
Likes
296
System Name Wut?
Processor 4770K @ Stock
Motherboard MSI Z97 Gaming 7
Cooling Water
Memory 16GB DDR3 2400
Video Card(s) EVGA 980 SC
Storage Samsung 840 Pro 256GB
Display(s) 2 x 1920x1080
Case Thermaltake T81
Power Supply Seasonic 750 Watt Gold (was planning 290X CFX, never happened)
#7
The much bigger picture is keeping the bad guys out of our stuff. Passwords, even long pass phrases, can more easily be hacked (or stolen!) than your finger print, retina scan, etc.
I am guessing you haven't seen how trivial it is to bypass many finger print scanners on phones?
 
Joined
Jul 25, 2006
Messages
4,165 (0.95/day)
Likes
2,763
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 16GB (2 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Microsoft Wireless 5000
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
#8
I am guessing you haven't seen how trivial it is to bypass many finger print scanners on phones?
I take it you haven't seen how trivial it is for just about any wannabe hacker to guess, or automate password hacking?

Of course biometrics can be by-passed, but it is not near as simple today you as pretend it to be.

A neighborhood kid can often guess a password if they know you. You cannot guess a thumb print.

I am also guessing you haven't seen how biometric technologies have improved significantly in the last couple years either?

Yes, finger prints can be stolen then manipulated and used to gain access. But not likely by the whizkid next door. And facial recondition scanners have been fooled hi-rez photos and even 3-D printers. But note I also said "retina scans" in my comment. Those are much more difficult to hack.

Regardless, biometrics, when implemented properly, offer much better security than passwords. The problem is, we aren't there yet - at least when it comes down to consumer's every day computing devices.

Here's a good and current read on biometrics. I like it because it also spells out the potential pitfalls too.
 
Top