Page 2 of 2
Re: Alternatives to passwords
Posted: Fri Aug 07, 2009 7:57 am
by jayshields
onion2k wrote:What if you break your arm and can't type normally? What if you're on a train that's moving around? What if there's an emergency and you're panicking?
I was just referring to those cases. In all those case the answer is: don't log into a secure website with which you are capable of doing something stupid by accident.
Re: Alternatives to passwords
Posted: Fri Aug 07, 2009 3:17 pm
by superdezign
onion2k wrote:When it comes to accessibility that's "blind people" or "deaf people" rather than "blind, deaf, mute people with no arms".
Password as they are now are the most secure way to login with people over your shoulder. Anything visual would reveal your login information.
Re: Alternatives to passwords
Posted: Fri Aug 07, 2009 6:35 pm
by jayshields
I read something which presented arguments to say that entering passwords in plain text would probably be benefial in more scenarios than not to some users, I agree, but can't find the link.
Re: Alternatives to passwords
Posted: Sat Aug 08, 2009 5:28 am
by kaisellgren
Are you looking for maintaining a huge list of different (and complex) passwords or a stronger way to build an authentication? Have a look at
https://addons.mozilla.org/en-US/firefox/addon/8542. If you want to create a strong authentication system, you could use Client Certificate Authentication (
http://www.google.fi/search?hl=fi&q=cli ... certificat) which implies that your passwords can easily have 1024-bits of strength.
Re: Alternatives to passwords
Posted: Tue Aug 11, 2009 3:27 am
by onion2k
jayshields wrote:I read something which presented arguments to say that entering passwords in plain text would probably be benefial in more scenarios than not to some users, I agree, but can't find the link.
http://www.useit.com/alertbox/passwords.html
I read it. I don't really agree with it
as is. The idea is sound, but I don't think they should be unmasked by default. It should be an option. I was prompted to write this when I read it:
http://blog.ooer.com/?p=209 and coded up a quick demo here:
http://www.ooer.com/onion/show_password.php
Re: Alternatives to passwords
Posted: Sat Aug 15, 2009 1:30 am
by kaisellgren
Never show the password by default. I, and probably some other people, need to show live presentations sometimes and if the password is shown as unmasked then everyone watching the PC will get it.
onion2k wrote:It should be an option.
When we are implementing a new feature that might affect security, we must think about all possible side effects. In the demo you gave, the level of security could be improved. I have seen a couple of people who use the tab key intensively to jump from an input to another. In the example you gave, some people will accidentally jump to your check-box and select it after entering the password. A simple way to improve security would be to take care of accesskey and tabindex attributes. I've seen this happening and it's just stupid. :/
Re: Alternatives to passwords
Posted: Sat Aug 15, 2009 7:14 am
by Eran
There is the iPhone approach to passwords - showing the last character you entered and after a short delay hiding it. Some people tried to emulate that using javascript
http://css-tricks.com/better-password-i ... one-style/
I think in a few years we'll start seeing proliferation of biometric identification devices (most laptops already have a fingerprint scanner) that would allow identification without entering passwords. combine that with a centralized login service (openID?) and you might have a good password replacement