comment by BlackBird
BlackBird  ·  4119 days ago  ·  post: How the Bible and YouTube are fueling the next frontier of password cracking

If passwords fall over (relatively) so easily when challenged, I'm curious why IT departments, particularly in sensitive areas, don't just mandate fingerprint scanners on terminals for logging in to systems/programs, on top of the username/password combos.





ixnar  ·  4118 days ago

As long as people don't get it into their heads to rely entirely on fingerprints (since prints are easily reproduced, see CCC and others), they would work well to augment security.

BlackBird  ·  4118 days ago

Totally agree, you can't rely solely on one single method because of limitations and the potential for it to be broken (passwords being cracked, fingerprints being copied and reproduced).

I think you've raised one of the major issues though: sole reliance on one method for security. If you work somewhere where information security is critical, relying solely on user-generated passwords becomes an issue in my opinion, as humans are the weakest point in the chain: we choose easier-to-recall passwords, or reuse them with minor changes in a pattern (password1, password2, etc.).

As a thought, what's everyone's opinion on logging on to your terminal and programs with a mandated lengthy password, a swipe access card (i.e. the one used to get into the building) and a fingerprint scanner? The hardware is relatively cheap, and adds at least a couple layers to being manipulated by any would-be attacker.

ll  ·  4118 days ago

That is interesting. Or maybe have them use YubiKeys or something to that extent.

Especially since some companies allow passwords to be only of a specific length...

BlackBird  ·  4118 days ago

Haven't heard of YubiKeys but will take a look!