I was just referring to those cases. In all those case the answer is: don't log into a secure website with which you are capable of doing something stupid by accident.onion2k wrote:What if you break your arm and can't type normally? What if you're on a train that's moving around? What if there's an emergency and you're panicking?
Alternatives to passwords
Moderator: General Moderators
- jayshields
- DevNet Resident
- Posts: 1912
- Joined: Mon Aug 22, 2005 12:11 pm
- Location: Leeds/Manchester, England
Re: Alternatives to passwords
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
Re: Alternatives to passwords
onion2k wrote:When it comes to accessibility that's "blind people" or "deaf people" rather than "blind, deaf, mute people with no arms".
Password as they are now are the most secure way to login with people over your shoulder. Anything visual would reveal your login information.
- jayshields
- DevNet Resident
- Posts: 1912
- Joined: Mon Aug 22, 2005 12:11 pm
- Location: Leeds/Manchester, England
Re: Alternatives to passwords
I read something which presented arguments to say that entering passwords in plain text would probably be benefial in more scenarios than not to some users, I agree, but can't find the link.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Alternatives to passwords
Are you looking for maintaining a huge list of different (and complex) passwords or a stronger way to build an authentication? Have a look at https://addons.mozilla.org/en-US/firefox/addon/8542. If you want to create a strong authentication system, you could use Client Certificate Authentication (http://www.google.fi/search?hl=fi&q=cli ... certificat) which implies that your passwords can easily have 1024-bits of strength.
Re: Alternatives to passwords
http://www.useit.com/alertbox/passwords.htmljayshields wrote:I read something which presented arguments to say that entering passwords in plain text would probably be benefial in more scenarios than not to some users, I agree, but can't find the link.
I read it. I don't really agree with it as is. The idea is sound, but I don't think they should be unmasked by default. It should be an option. I was prompted to write this when I read it: http://blog.ooer.com/?p=209 and coded up a quick demo here: http://www.ooer.com/onion/show_password.php
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Alternatives to passwords
Never show the password by default. I, and probably some other people, need to show live presentations sometimes and if the password is shown as unmasked then everyone watching the PC will get it.
When we are implementing a new feature that might affect security, we must think about all possible side effects. In the demo you gave, the level of security could be improved. I have seen a couple of people who use the tab key intensively to jump from an input to another. In the example you gave, some people will accidentally jump to your check-box and select it after entering the password. A simple way to improve security would be to take care of accesskey and tabindex attributes. I've seen this happening and it's just stupid. :/onion2k wrote:It should be an option.
Re: Alternatives to passwords
There is the iPhone approach to passwords - showing the last character you entered and after a short delay hiding it. Some people tried to emulate that using javascript http://css-tricks.com/better-password-i ... one-style/
I think in a few years we'll start seeing proliferation of biometric identification devices (most laptops already have a fingerprint scanner) that would allow identification without entering passwords. combine that with a centralized login service (openID?) and you might have a good password replacement
I think in a few years we'll start seeing proliferation of biometric identification devices (most laptops already have a fingerprint scanner) that would allow identification without entering passwords. combine that with a centralized login service (openID?) and you might have a good password replacement