Alternatives to passwords
Moderator: General Moderators
Alternatives to passwords
So, do any of you follow the latest developments considering authentication possibilities on the web? What's the progress on open id (or similar)? Or what about iris scans or something?
I really, really cannot wait to have an alternative to trying to manage literally hundreds and hundreds of username/email/password combo's. Most of them I just write down, or I let my browser remember them. But it's all a big mess. Some passwords are important enough not to write down, some have to be changed by policy once in a while, sometimes I can pick my own un/pw (easy, I pick the same as always), sometimes something random is generated, etc etc
I really, really cannot wait to have an alternative to trying to manage literally hundreds and hundreds of username/email/password combo's. Most of them I just write down, or I let my browser remember them. But it's all a big mess. Some passwords are important enough not to write down, some have to be changed by policy once in a while, sometimes I can pick my own un/pw (easy, I pick the same as always), sometimes something random is generated, etc etc
Re: Alternatives to passwords
OAuth with a service like Twitter is pretty good, likewise Facebook Connect (which I'm seeing a lot of lately). OpenID is a pain to implement but quite effective once it's done. Any biometric solution won't work on a website - too few people will have the capability. Lovely on an intranet though.
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Alternatives to passwords
How about like Yahoo where you upload an image?
Re: Alternatives to passwords
Wasn't that just to make sure you weren't being phished?
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
Re: Alternatives to passwords
Uploading an image sounds more costly to the webmaster. Plus, a password is more in your head than on your hard drive. If you had your password sitting around on your hard drive, then your password would be more vulnerable.
- jayshields
- DevNet Resident
- Posts: 1912
- Joined: Mon Aug 22, 2005 12:11 pm
- Location: Leeds/Manchester, England
Re: Alternatives to passwords
Correct me if I'm wrong about the device, but I had a go with my mates Android phone the other week, and that had an intuitive password thing on it. You have to swipe your finger over 9 (?) buttons in a particular order to unlock the device.
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Alternatives to passwords
Good point. Good point. Plus, I think it is used in unison with a password anyway.
jayshields:
Yeah, I saw that on the T-Mobile website. Pretty cool. The only drawback is that very few people have touch screen computers.
So sad.
I'm still thinking...
jayshields:
Yeah, I saw that on the T-Mobile website. Pretty cool. The only drawback is that very few people have touch screen computers.
I'm still thinking...
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
Re: Alternatives to passwords
We all have mouses though. If we made our passwords a series of swipes and clicks, that would be... Amazing. o.oJonah Bron wrote:The only drawback is that very few people have touch screen computers.
Although, it may run into the problems that we have with passwords, these days. Websites forcing you to build your password to their standards of capitalization, numbers, and special characters is annoying. We'll have a required amount of clicks and twirls. :3
Re: Alternatives to passwords
For you perhaps, but what about for a disabled user? Or someone who's just rubbish at using a mouse? Or someone who uses a mouse in the office, and a trackpad when they're out at a client's office?superdezign wrote:We all have mouses though. If we made our passwords a series of swipes and clicks, that would be... Amazing. o.oJonah Bron wrote:The only drawback is that very few people have touch screen computers.
Anything based on dexterity won't work.
Re: Alternatives to passwords
From what I recall, there is a way of identifying a person by the way they enter the text via their keyboard.
So they give the user a password + an arbitrary string to type, then measure the way they type (delays between different words and characters etc.) and then compare that to the saved data.
So they give the user a password + an arbitrary string to type, then measure the way they type (delays between different words and characters etc.) and then compare that to the saved data.
Re: Alternatives to passwords
Again, based on dexterity. What if you break your arm and can't type normally? What if you're on a train that's moving around? What if there's an emergency and you're panicking? What if someone installs a keylogger that records the time between keystrokes?m4rw3r wrote:From what I recall, there is a way of identifying a person by the way they enter the text via their keyboard.
So they give the user a password + an arbitrary string to type, then measure the way they type (delays between different words and characters etc.) and then compare that to the saved data.
Recall (remembering your password, picking out which image you uploaded) or recall+cognition (what are the first, second and last letters of your password) are the only viable options for a web based login.
Re: Alternatives to passwords
Yeah, it is really hard to come up with an alternative to the password, as almost everything can be imitated / recorded.
- jayshields
- DevNet Resident
- Posts: 1912
- Joined: Mon Aug 22, 2005 12:11 pm
- Location: Leeds/Manchester, England
Re: Alternatives to passwords
I don't like it when people bring up arguments like this. What if you have no vocal cords and no arms or legs? You've got to draw the line somewhere. If you can't type properly you shouldn't really be allowed to log in to secure websites (what happens if someone who can't type properly logs into their bank account online and wants to transfer money - oops wrong account number?).onion2k wrote:Again, based on dexterity. What if you break your arm and can't type normally? What if you're on a train that's moving around? What if there's an emergency and you're panicking? What if someone installs a keylogger that records the time between keystrokes?
Re: Alternatives to passwords
In general, there will always be a need for passwords. I agree that working with biometrics is still future talk until iris scanners are as small as a cell phone and can be dragged around easily
The problem is not so much that I need a password. The problem is that I have around 264 of them
I also believe that there will never be a single method to authenticate. That should also not be forced. Someone mentioned "what if you can't type?". Well, that happens more often then you think. From an accessibility aspect, a blind person or other disabled person not using a keyboard should be able to login just as well.
But, if it would be just possible to reduce the amounts of passwords needed, it would be such a relieve. Maybe openId or something. However, I have looked into openId, and even for me as a developer it's difficult to understand how it works. So I don't see how the general non-tech population is going to use understand and use that
I will take a look at Oauth
The problem is not so much that I need a password. The problem is that I have around 264 of them
I also believe that there will never be a single method to authenticate. That should also not be forced. Someone mentioned "what if you can't type?". Well, that happens more often then you think. From an accessibility aspect, a blind person or other disabled person not using a keyboard should be able to login just as well.
But, if it would be just possible to reduce the amounts of passwords needed, it would be such a relieve. Maybe openId or something. However, I have looked into openId, and even for me as a developer it's difficult to understand how it works. So I don't see how the general non-tech population is going to use understand and use that
I will take a look at Oauth
Re: Alternatives to passwords
What? Logical ones?jayshields wrote:I don't like it when people bring up arguments like this.
That's a reductio ad absurdum argument though. You can take any line of reasoning to a ridiculous extreme; that doesn't tell you anything or give you anything useful. You have to look at all the useful cases up to a point. When it comes to accessibility that's "blind people" or "deaf people" rather than "blind, deaf, mute people with no arms".jayshields wrote:What if you have no vocal cords and no arms or legs?