Eliminating Usernames and Passwords

PayPal exec aims to “obliterate passwords from the face of the planet” | Ars Technica: “Phones could also authenticate a user with voice biometrics, eye scans, or facial recognition, he said. On PCs, there would be a browser plugin which could recognize the authentication methods that the system is capable of. A USB stick loaded with FIDO software could also work, allowing users to authenticate to computers they don’t own. Google is reportedly working on similar ways to eliminate the password.” (Via ars technica.) I’ve made it clear on…


Misguided Security Strikes Again

Dear Blizzard Entertainment: You make really cool games. I’ve enjoyed playing all three iterations of Diablo on my various Macs over the years. But your account security nonsense is completely out of hand. I’m sitting in a coffee shop on a rare slow morning, and I really feel like playing a little Diablo III right now, since I haven’t gotten much time to play in months, and I kinda want to blow off some steam after what’s been a pretty stressful few weeks of work and…


Stop Lengthening your Passwords. It's futile.

25-GPU cluster cracks every standard Windows password in <6 hours: For the time being, readers should assume that the vast majority of their passwords are hashed with fast algorithms. That means passwords should never be less than nine characters, and using 13 or even 20 characters offers even better security. But long passwords aren’t enough. Given the prevalence of cracking lists measured in the hundreds of millions, it’s also crucial that passwords not be names, words, or common phrases. One easy way to make sure a passcode…
