Alternatives to passwords

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Alternatives to passwords

Post by matthijs »

So, do any of you follow the latest developments considering authentication possibilities on the web? What's the progress on open id (or similar)? Or what about iris scans or something?

I really, really cannot wait to have an alternative to trying to manage literally hundreds and hundreds of username/email/password combo's. Most of them I just write down, or I let my browser remember them. But it's all a big mess. Some passwords are important enough not to write down, some have to be changed by policy once in a while, sometimes I can pick my own un/pw (easy, I pick the same as always), sometimes something random is generated, etc etc
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Alternatives to passwords

Post by onion2k »

OAuth with a service like Twitter is pretty good, likewise Facebook Connect (which I'm seeing a lot of lately). OpenID is a pain to implement but quite effective once it's done. Any biometric solution won't work on a website - too few people will have the capability. Lovely on an intranet though.
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Alternatives to passwords

Post by Jonah Bron »

How about like Yahoo where you upload an image?
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Alternatives to passwords

Post by jackpf »

Wasn't that just to make sure you weren't being phished?
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: Alternatives to passwords

Post by superdezign »

Uploading an image sounds more costly to the webmaster. Plus, a password is more in your head than on your hard drive. If you had your password sitting around on your hard drive, then your password would be more vulnerable.
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Re: Alternatives to passwords

Post by jayshields »

Correct me if I'm wrong about the device, but I had a go with my mates Android phone the other week, and that had an intuitive password thing on it. You have to swipe your finger over 9 (?) buttons in a particular order to unlock the device.
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Alternatives to passwords

Post by Jonah Bron »

Good point. Good point. Plus, I think it is used in unison with a password anyway.

jayshields:
Yeah, I saw that on the T-Mobile website. Pretty cool. The only drawback is that very few people have touch screen computers. :( So sad.

I'm still thinking...
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: Alternatives to passwords

Post by superdezign »

Jonah Bron wrote:The only drawback is that very few people have touch screen computers.
We all have mouses though. If we made our passwords a series of swipes and clicks, that would be... Amazing. o.o

Although, it may run into the problems that we have with passwords, these days. Websites forcing you to build your password to their standards of capitalization, numbers, and special characters is annoying. We'll have a required amount of clicks and twirls. :3
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Alternatives to passwords

Post by onion2k »

superdezign wrote:
Jonah Bron wrote:The only drawback is that very few people have touch screen computers.
We all have mouses though. If we made our passwords a series of swipes and clicks, that would be... Amazing. o.o
For you perhaps, but what about for a disabled user? Or someone who's just rubbish at using a mouse? Or someone who uses a mouse in the office, and a trackpad when they're out at a client's office?

Anything based on dexterity won't work.
User avatar
m4rw3r
Forum Commoner
Posts: 33
Joined: Mon Aug 03, 2009 4:19 pm
Location: Sweden

Re: Alternatives to passwords

Post by m4rw3r »

From what I recall, there is a way of identifying a person by the way they enter the text via their keyboard.
So they give the user a password + an arbitrary string to type, then measure the way they type (delays between different words and characters etc.) and then compare that to the saved data.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Alternatives to passwords

Post by onion2k »

m4rw3r wrote:From what I recall, there is a way of identifying a person by the way they enter the text via their keyboard.
So they give the user a password + an arbitrary string to type, then measure the way they type (delays between different words and characters etc.) and then compare that to the saved data.
Again, based on dexterity. What if you break your arm and can't type normally? What if you're on a train that's moving around? What if there's an emergency and you're panicking? What if someone installs a keylogger that records the time between keystrokes?

Recall (remembering your password, picking out which image you uploaded) or recall+cognition (what are the first, second and last letters of your password) are the only viable options for a web based login.
User avatar
m4rw3r
Forum Commoner
Posts: 33
Joined: Mon Aug 03, 2009 4:19 pm
Location: Sweden

Re: Alternatives to passwords

Post by m4rw3r »

Yeah, it is really hard to come up with an alternative to the password, as almost everything can be imitated / recorded.
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Re: Alternatives to passwords

Post by jayshields »

onion2k wrote:Again, based on dexterity. What if you break your arm and can't type normally? What if you're on a train that's moving around? What if there's an emergency and you're panicking? What if someone installs a keylogger that records the time between keystrokes?
I don't like it when people bring up arguments like this. What if you have no vocal cords and no arms or legs? You've got to draw the line somewhere. If you can't type properly you shouldn't really be allowed to log in to secure websites (what happens if someone who can't type properly logs into their bank account online and wants to transfer money - oops wrong account number?).
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: Alternatives to passwords

Post by matthijs »

In general, there will always be a need for passwords. I agree that working with biometrics is still future talk until iris scanners are as small as a cell phone and can be dragged around easily

The problem is not so much that I need a password. The problem is that I have around 264 of them

I also believe that there will never be a single method to authenticate. That should also not be forced. Someone mentioned "what if you can't type?". Well, that happens more often then you think. From an accessibility aspect, a blind person or other disabled person not using a keyboard should be able to login just as well.

But, if it would be just possible to reduce the amounts of passwords needed, it would be such a relieve. Maybe openId or something. However, I have looked into openId, and even for me as a developer it's difficult to understand how it works. So I don't see how the general non-tech population is going to use understand and use that

I will take a look at Oauth
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Alternatives to passwords

Post by onion2k »

jayshields wrote:I don't like it when people bring up arguments like this.
What? Logical ones? :wink:
jayshields wrote:What if you have no vocal cords and no arms or legs?
That's a reductio ad absurdum argument though. You can take any line of reasoning to a ridiculous extreme; that doesn't tell you anything or give you anything useful. You have to look at all the useful cases up to a point. When it comes to accessibility that's "blind people" or "deaf people" rather than "blind, deaf, mute people with no arms".
Post Reply