
Web Authentication

Ahhzz

Moderator
Staff member
#1
Not technically Hardware, as it refers to a new proposed standard, but does require hardware for functionality, and I didn't see a "Security" in software :)

Has anyone looked at this proposal, which basically wants to eliminate passwords in favor of biometrics? I am NOT impressed. The courts already have ruled that you can be required, without a warrant, to unlock devices with biometrics. The main reason my Pix2 doesn't use the fingerprint reader. I've got nothing on it that would even remotely get me in trouble (with the possible exception of my ex-wife, if she saw some of the comments between myself and Mrs. Ahhzz heheh), but I would prefer that if the cops want to see in my phone, they have reasonable reason to do so, and have gone thru the process of law to do it. I understand the court's decision makes it "Legal", and indeed, "the process of law" to access my phone via biometrics, I just disagree. If they legitimately feel that there's something on my phone they want to see, they can get a judge to agree.

I'll stick with my passwords, thanks.
 
#2
I think you are focusing on the minor point and not the bigger picture. Everything you say about law enforcement is true. But that is really a minor point in all this. You (assuming you are telling the truth here! ;)) are like the vast majority of the rest of us here - that is, law abiding folks with nothing to hide that would be of interest to law enforcement or the courts.

The much bigger picture is keeping the bad guys out of our stuff. Passwords, even long pass phrases, can more easily be hacked (or stolen!) than your finger print, retina scan, etc.

One of the problems I see with biometrics, however, is they almost always are backed up with an alternative authentication process - one that uses a password! :(
 

qubit

Overclocked quantum bit
#3
Couldn't agree more @Ahhzz

I've never liked that the phone can be unlocked while you're asleep, say, with your face or finger. It's like giving someone the key. Having to guess a tough password on a secure system on the other hand, they can go whistle.
 
#4
> Having to guess a tough password on a secure system on the other hand, they can go whistle.

If they somehow got possession of your phone and are trying to manually guess your "tough" password, I agree. But that is not what that proposal is about. It's about "web" authentication.

Bad guys can and do use automated tools to hack passwords. That's a problem.

And "on a secure system"? What's that? Equifax? Yahoo/Verizon? Uber? eBay?
 

qubit

Overclocked quantum bit
#5
The OP also talks about his smartphone, so it's in context for that. It also applies to web authentication too though as apps can use a smartphone's biometric features for authentication too.

And yeah, "secure" passwords can be cracked on a non-secure system too when the company running it is sloppy. Nothing's perfect, unfortunately. :ohwell:
 

Aquinus

Resident Wat-man
#6
It looks like some people didn't learn their lesson with SAML the first time. :(
 
#7
> The much bigger picture is keeping the bad guys out of our stuff. Passwords, even long pass phrases, can more easily be hacked (or stolen!) than your finger print, retina scan, etc.

I am guessing you haven't seen how trivial it is to bypass many finger print scanners on phones?
 
#8
> I am guessing you haven't seen how trivial it is to bypass many finger print scanners on phones?

I take it you haven't seen how trivial it is for just about any wannabe hacker to guess, or automate password hacking?

Of course biometrics can be by-passed, but it is not near as simple today as you pretend it to be.

A neighborhood kid can often guess a password if they know you. You cannot guess a thumb print.

I am also guessing you haven't seen how biometric technologies have improved significantly in the last couple years either?

Yes, finger prints can be stolen then manipulated and used to gain access. But not likely by the whizkid next door. And facial recognition scanners have been fooled by hi-rez photos and even 3-D printers. But note I also said "retina scans" in my comment. Those are much more difficult to hack.

Regardless, biometrics, when implemented properly, offer much better security than passwords. The problem is, we aren't there yet - at least when it comes down to consumers' everyday computing devices.

Here's a good and current read on biometrics. I like it because it also spells out the potential pitfalls too.
 
#9
I was wondered when Facebook asked me to end my new picture in order to prove it's me. When I think it over it turned out that we're totally controlled. All our pics are linked to our internet accounts. And now you tell about fingerprints, etc.. I feel like someone is watching me all the time.
 
#10
I don't use biometrics anywhere. And I don't think anyone is cracking my passwords all that easily. So I'm cool.

I'm not exactly paranoid about the tech, but I don't think it's for me. It's for people who are too lazy and/or have bad memories with passwords (good passwords).
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
#11
> I was wondered when Facebook asked me to end my new picture in order to prove it's me.

Please upload a Scan of your passport or SS ID and Notarized by a Court Official to Confirm Your ID ( Please note this info is shared with the NSA/FBI).
We value Your privacy and will ....................:roll::roll::nutkick:
 
#12
After biometrics the next step is your complete identity tattooed under your skin. Not sure if that's right before, or right after, the anti-christ makes an appearance.
 

newtekie1

Semi-Retired Folder
#13
> The courts already have ruled that you can be required, without a warrant, to unlock devices with biometrics.

What ruling allows this without a warrant?
 
#14
> The much bigger picture is keeping the bad guys out of our stuff. Passwords, even long pass phrases, can more easily be hacked (or stolen!) than your finger print, retina scan, etc.

A proper password is actually much harder to hack than most biometric systems, especially if we factor in 2FA.

> I take it you haven't seen how trivial it is for just about any wannabe hacker to guess, or automate password hacking?

The answer to this is education, not switching to an even more flawed and brainless standard.

> Of course biometrics can be by-passed, but it is not near as simple today as you pretend it to be.

No, it's simpler. There's a mythbusters episode covering this. It is RIDICULOUSLY easy.

That said...

> Has anyone looked at this proposal, which basically wants to eliminate passwords in favor of biometrics?

This is simply a proposed method for accessing credentials via biometrics. What makes you think it's supposed to replace anything?
 

Ahhzz

Moderator
Staff member
#15
> What ruling allows this without a warrant?

https://arstechnica.com/tech-policy...o-was-forced-to-fingerprint-unlock-his-phone/
http://www.startribune.com/mn-appea...sn-t-violate-constitutional-rights/410991655/
https://www.twincities.com/2018/01/...nlock-cell-phone-with-fingerprint-was-lawful/

lower court, appeals court, state supreme court.

Haven't seen a SCOTUS on fingerprints yet, but they did rule that a warrant was required in certain cases regarding law enforcement attempting to access location data from a phone.
 
#16
> https://arstechnica.com/tech-policy...o-was-forced-to-fingerprint-unlock-his-phone/
> http://www.startribune.com/mn-appea...sn-t-violate-constitutional-rights/410991655/
> https://www.twincities.com/2018/01/...nlock-cell-phone-with-fingerprint-was-lawful/
>
> lower court, appeals court, state supreme court.
>
> Haven't seen a SCOTUS on fingerprints yet, but they did rule that a warrant was required in certain cases regarding law enforcement attempting to access location data from a phone.

It's still a 4th amendment violation until the SCOTUS rules on it. If his lawyer argued only the 5th, he/she was worth shit as a lawyer.
 

Frick

Fishfaced Nincompoop
#17
> I take it you haven't seen how trivial it is for just about any wannabe hacker to guess, or automate password hacking?
>
> Of course biometrics can be by-passed, but it is not near as simple today as you pretend it to be.
>
> A neighborhood kid can often guess a password if they know you. You cannot guess a thumb print.
>
> I am also guessing you haven't seen how biometric technologies have improved significantly in the last couple years either?
>
> Yes, finger prints can be stolen then manipulated and used to gain access. But not likely by the whizkid next door. And facial recognition scanners have been fooled by hi-rez photos and even 3-D printers. But note I also said "retina scans" in my comment. Those are much more difficult to hack.
>
> Regardless, biometrics, when implemented properly, offer much better security than passwords. The problem is, we aren't there yet - at least when it comes down to consumers' everyday computing devices.

This isn't the problem with passwords as such, this is a problem with password management. A good password is not weaker than biometrics. The downside is that it's impossible to have good password management without external tools, unless you're a savant of some sort.

> I'm not exactly paranoid about the tech, but I don't think it's for me. It's for people who are too lazy and/or have bad memories with passwords (good passwords).

So you have good passwords for everything, and you can keep them in your head? You're a savant then, unless you have a bad definition of "good". And in my experience it's not laziness that lies behind bad password management, it's ignorance. Services like Lastpass are easy to use (even across devices) but a lot of people don't know it exists.

> A proper password is actually much harder to hack than most biometric systems, especially if we factor in 2FA.

2FA is a pain in the butt though. It depends a bit on the implementation, but on the whole it is awful.
 
#18
> This isn't the problem with passwords as such, this is a problem with password management. A good password is not weaker than biometrics. The downside is that it's impossible to have good password management without external tools, unless you're a savant of some sort.
>
> So you have good passwords for everything, and you can keep them in your head? You're a savant then, unless you have a bad definition of "good". And in my experience it's not laziness that lies behind good password management, it's ignorance. Services like Lastpass are easy to use (even across devices) but a lot of people don't know it exists.

I wouldn't call myself a savant by any means. Just a mix of capitals/lowercases/numbers and at least one symbol. I sometimes reuse them.. but not all. But once you type something dozens of times, it sticks.
 
#19
> This isn't the problem with passwords as such, this is a problem with password management. A good password is not weaker than biometrics. The downside is that it's impossible to have good password management without external tools, unless you're a savant of some sort.
>
> So you have good passwords for everything, and you can keep them in your head? You're a savant then, unless you have a bad definition of "good". And in my experience it's not laziness that lies behind good password management, it's ignorance. Services like Lastpass are easy to use (even across devices) but a lot of people don't know it exists.

I use a password manager, Keepass, so I need to remember just 1 password. I use the password generator for every site and forum and game. Nothing less than 12 characters, which is on the weak side, but I usually stick to 16.
 
#20
All my security problems are mostly someone else's fault actually. Merchants getting my CC number stolen. It's happened multiple times. My fault is saving it on some sites. :\
 

Frick

Fishfaced Nincompoop
#21
> I wouldn't call myself a savant by any means. Just a mix of capitals/lowercases/numbers and at least one symbol. I sometimes reuse them.. but not all. But once you type something dozens of times, it sticks.

And you have a different string for everything? How many logins do you have to keep track of? Here are the ones I keep track of:
  • Bank pin
  • Bank authentication login, mobile. Luckily most of the "official" stuff (governments, loan applications, phone account, education) can use this
  • Bank authentication, physical
  • Main mail address
  • Three work mail accounts
  • One semi-serious mail account
  • Wordpress blog
  • Five rental queues (apartments)
  • Steam
  • GOG
  • Humble Bundle
  • Paradox Studios (same account for the store and the forums)
  • Two battle.net accounts
  • Evernote
  • Like ten or so accounts to a work-related site (web portal for power management)
  • A bunch of work related VPN stuff
  • Work related virtual machine management
  • A host of online shops
  • My power provider
  • At least two grocery shops
  • Facebook
  • Tumblr
  • One or two forums which require complicated passwords
And most of them are being good citizens and require at least eight characters, with a mix of capital letters and numbers and some even require symbols. And this is just my official stuff. I have two trash mail accounts to which is tied a bunch of forum accounts and store accounts for which I reuse a good password I've used for twenty years now, where I never really buy anything but no store would dream of letting you buy anything without an account.

Password managers are essential today. Everything's done online and every single thing requires an account.

> All my security problems are mostly someone else's fault actually. Merchants getting my CC number stolen. It's happened multiple times. My fault is saving it on some sites. :\

Excellent point and very true, and again: everything is done online and everything requires accounts that can be compromised. The best you can do is mitigation.
 
#22
> And you have a different string for everything? How many logins do you have to keep track of? Here are the ones I keep track of:
>   • Bank pin
>   • Bank authentication login, mobile. Luckily most of the "official" stuff (governments, loan applications, phone account, education) can use this
>   • Bank authentication, physical
>   • Main mail address
>   • Three work mail accounts
>   • One semi-serious mail account
>   • Wordpress blog
>   • Five rental queues (apartments)
>   • Steam
>   • GOG
>   • Humble Bundle
>   • Paradox Studios (same account for the store and the forums)
>   • Two battle.net accounts
>   • Evernote
>   • Like ten or so accounts to a work-related site (web portal for power management)
>   • A bunch of work related VPN stuff
>   • Work related virtual machine management
>   • A host of online shops
>   • My power provider
>   • At least two grocery shops
>   • Facebook
>   • Tumblr
>   • One or two forums which require complicated passwords
>
> And most of them are being good citizens and require at least eight characters, with a mix of capital letters and numbers and some even require symbols. And this is just my official stuff. I have two trash mail accounts to which is tied a bunch of forum accounts and store accounts for which I reuse a good password I've used for twenty years now, where I never really buy anything but no store would dream of letting you buy anything without an account.
>
> Password managers are essential today. Everything's done online and every single thing requires an account.
>
> Excellent point and very true, and again: everything is done online and everything requires accounts that can be compromised. The best you can do is mitigation.

I guess I juggle half as much. Less work related stuff.

I guess I could improve passwords.. The poster above said he used 16 characters. I don't go that far.
 

newtekie1

Semi-Retired Folder
#23
> https://arstechnica.com/tech-policy...o-was-forced-to-fingerprint-unlock-his-phone/
> http://www.startribune.com/mn-appea...sn-t-violate-constitutional-rights/410991655/
> https://www.twincities.com/2018/01/...nlock-cell-phone-with-fingerprint-was-lawful/
>
> lower court, appeals court, state supreme court.
>
> Haven't seen a SCOTUS on fingerprints yet, but they did rule that a warrant was required in certain cases regarding law enforcement attempting to access location data from a phone.

None of those are rulings that allow law enforcement to force you to unlock your phone or use biometrics in any way without a warrant. The rulings were all that a judge can order you to do it, if you are at the stage of a judge ordering it, you are past the warrant stage of the investigation.

> It's still a 4th amendment violation until the SCOTUS rules on it. If his lawyer argued only the 5th, he/she was worth shit as a lawyer.

It is not a 4th amendment violation, because a judge is ordering it. So it is not an illegal search under the 4th amendment.

The 5th amendment, self incrimination, is really where the argument comes from. So far the legal precedent has been it is not a violation of the 5th amendment, because your biometrics are not protected by the 5th amendment. Giving your fingerprint to unlock your phone is no different than giving a hair sample for DNA or fingerprints for comparison to fingerprints found at the scene. But that won't be solid law until we see a case go to the SCOTUS. For right now, it is really going to depend on what judge you get in the case, and how he feels that day...
 

Ahhzz

Moderator
Staff member
#24
> None of those are rulings that allow law enforcement to force you to unlock your phone or use biometrics in anyway without a warrant. The rulings were all that a judge can order you to do it, if you are at the stage of a judge ordering it, you are past the warrant stage of the investigation.
>
> ..

That's a good point; the rulings I've read do all refer to a warrant forcing that cooperation, not just police acting on their own. I stand corrected. I still think that if it arrives at the SC, they will rule blue, esp with the conservative shift. They allow police to obtain fingerprints (something you "are", but not something you "know") without a warrant, and I don't see the SC ruling any other way. But, I guess it's something we'll see when we get there. My only hope is that the phone manufacturers beat the cases in a timeline. If the OS allows easy changes to settings (change the 48 hour window to maybe 6), or better support for forcing a passkey, it will make it a completely different ball game...
 
#25
> I am guessing you haven't seen how trivial it is to bypass many finger print scanners on phones?

> A proper password is actually much harder to hack than most biometric systems, especially if we factor in 2FA.

First, 2FA changes the scenario so IMO, invalidates the argument.

And Mythbusters? Come on! That was 10 years ago! But not just that, it involved covertly stealing a copy of the fingerprint from the user, then making the copies.

OF COURSE biometrics can be foiled. But it takes a tremendous amount of hands-on time to do it. Hacking a password requires a badguy to click a mouse button then he or she can move on to something else while the program crunches.

And again, a badguy would need physical access to a copy of your fingerprint. They don't with a password - reminding readers this thread is about "web authentication" and not stealing a person's phone then lifting a "viable" fingerprint from the phone, making a copy of the fingerprint and then using that to access the phone.

So I stand by what I said,

> biometrics, when implemented properly, offer much better security than passwords. The problem is, we aren't there yet - at least when it comes down to consumers' everyday computing devices.
 