Alternatives to passwords


jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Re: Alternatives to passwords

Post by jayshields »

onion2k wrote:What if you break your arm and can't type normally? What if you're on a train that's moving around? What if there's an emergency and you're panicking?
I was just referring to those cases. In all those cases the answer is: don't log into a secure website with which you are capable of doing something stupid by accident.
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: Alternatives to passwords

Post by superdezign »

onion2k wrote:When it comes to accessibility that's "blind people" or "deaf people" rather than "blind, deaf, mute people with no arms".
:lol:

Passwords as they are now are the most secure way to log in with people over your shoulder. Anything visual would reveal your login information.
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Re: Alternatives to passwords

Post by jayshields »

I read something which presented arguments to say that entering passwords in plain text would probably be beneficial in more scenarios than not to some users. I agree, but can't find the link.
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Alternatives to passwords

Post by kaisellgren »

Are you looking to maintain a huge list of different (and complex) passwords, or for a stronger way to build an authentication? Have a look at https://addons.mozilla.org/en-US/firefox/addon/8542. If you want to create a strong authentication system, you could use Client Certificate Authentication (http://www.google.fi/search?hl=fi&q=cli ... certificat), which implies that your passwords can easily have 1024 bits of strength.
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Alternatives to passwords

Post by onion2k »

jayshields wrote:I read something which presented arguments to say that entering passwords in plain text would probably be beneficial in more scenarios than not to some users. I agree, but can't find the link.
http://www.useit.com/alertbox/passwords.html

I read it. I don't really agree with it as is. The idea is sound, but I don't think they should be unmasked by default. It should be an option. I was prompted to write this when I read it: http://blog.ooer.com/?p=209 and coded up a quick demo here: http://www.ooer.com/onion/show_password.php
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Alternatives to passwords

Post by kaisellgren »

Never show the password by default. I, and probably some other people, need to show live presentations sometimes and if the password is shown as unmasked then everyone watching the PC will get it.
onion2k wrote:It should be an option.
When we are implementing a new feature that might affect security, we must think about all possible side effects. In the demo you gave, the level of security could be improved. I have seen a couple of people who use the tab key intensively to jump from one input to another. In the example you gave, some people will accidentally jump to your check-box and select it after entering the password. A simple way to improve security would be to take care of accesskey and tabindex attributes. I've seen this happening and it's just stupid. :/
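
The tabindex and accesskey point above, as an added example that is not part of the thread or of the linked demo: a check over form-field descriptors that computes the HTML sequential Tab order and flags an unmask checkbox a user can hit by accident. The field names, both sample forms and the `auditUnmaskToggle` helper are assumptions constructed for illustration.

```javascript
// Added example. Field descriptors are constructed, not read from any real page.
// tabindex: null means the attribute is absent (a native control then
// behaves like tabindex="0").

// Sequential focus order per HTML rules: positive tabindex values first
// (ascending, ties in document order), then tabindex 0 / absent in document
// order; negative tabindex is skipped by the Tab key.
function tabOrder(fields) {
  const reachable = fields
    .map((f, pos) => ({ ...f, pos, ti: f.tabindex ?? 0 }))
    .filter((f) => f.ti >= 0);
  const positive = reachable
    .filter((f) => f.ti > 0)
    .sort((a, b) => a.ti - b.ti || a.pos - b.pos);
  const natural = reachable.filter((f) => f.ti === 0); // still document order
  return [...positive, ...natural].map((f) => f.name);
}

// Returns a list of findings; an empty list means the toggle is not one
// stray keypress away from the password field.
function auditUnmaskToggle(fields, passwordName, toggleName) {
  const findings = [];
  const order = tabOrder(fields);
  const toggle = fields.find((f) => f.name === toggleName);
  const pw = order.indexOf(passwordName);
  if (pw !== -1 && order[pw + 1] === toggleName) {
    findings.push("toggle is the next Tab stop after the password field");
  }
  if (toggle && toggle.accesskey) {
    findings.push("toggle has an accesskey: " + toggle.accesskey);
  }
  if (toggle && toggle.checked) findings.push("password is unmasked by default");
  return findings;
}

// Constructed form: toggle sits right after the password in document order.
const asBuilt = [
  { name: "username", tabindex: null },
  { name: "password", tabindex: null },
  { name: "show_password", tabindex: null, accesskey: "s" },
  { name: "submit", tabindex: null },
];
// Constructed fix: same markup order, toggle moved behind submit in Tab order.
const adjusted = [
  { name: "username", tabindex: 1 },
  { name: "password", tabindex: 2 },
  { name: "show_password", tabindex: 4 },
  { name: "submit", tabindex: 3 },
];
console.log(auditUnmaskToggle(asBuilt, "password", "show_password"));
console.log(auditUnmaskToggle(adjusted, "password", "show_password"));
```

Moving the toggle behind the submit button keeps it reachable from the keyboard, which `tabindex="-1"` would not.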
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: Alternatives to passwords

Post by Eran »

There is the iPhone approach to passwords - showing the last character you entered and after a short delay hiding it. Some people tried to emulate that using JavaScript: http://css-tricks.com/better-password-i ... one-style/

I think in a few years we'll start seeing a proliferation of biometric identification devices (most laptops already have a fingerprint scanner) that would allow identification without entering passwords. Combine that with a centralized login service (OpenID?) and you might have a good password replacement.