
PayPal exec aims to “obliterate passwords from the face of the planet” - shawndumas
http://arstechnica.com/information-technology/2013/05/paypal-exec-aims-to-obliterate-passwords-from-the-face-of-the-planet/
======
lobotryas
Forget CISPA and such, I'd say that initiatives like this are the biggest
threat to internet freedom and anonymity.

Unless burner phones become available that support FIDO protocols and that can
be purchased for cash, this idea will make "Login with Facebook" seem like
child's play by comparison.

~~~
CamperBob2
(Shrug) The fact is, passwords suck. They need to go away. How would _you_ fix
them?

~~~
jabbernotty
Please give some reasoning along with your claim.

In what way do they suck, in which cases? Do they really need to stop being
used?

I'm not just being pedantic. I just haven't had any problems with the concept
of passwords as a security measure. Many implementations are flawed, but that
is a different manner.

------
pa7ch
Using Smart-cards for authentication is a great idea. The problem of this is
that you could be forced to have a unified identity across all accounts. This
has potential privacy and blacklisting implications.

David Chaum knew this all in 1980 and proposed a great solution: Allow each
user to keep a database of pseudonymous identifiers such that one is
associated with each organization will be automatically presented when needing
to authenticate.

"Security without Identification Card Computers to make Big Brother Obsolete":
[http://www.chaum.com/articles/Security_Wthout_Identification...](http://www.chaum.com/articles/Security_Wthout_Identification.htm)

Edit: It should also be noted that if you use multiple pseudoanymous
identities no PKI is necessary which solves a major MITM and infrastructure
problem. You simply link a public key to your paypal/gmail/whatever account
upon creation. Only paypal/gmail/ needs to know about that mapping.

------
jayfuerstenberg
Ughhh... Biometrics (fingerprints, eye scans, etc...) are not secrets.

This is the umpteenth iteration of a bad idea.

~~~
jpatokal
This. Bruce Schneier's extended version:
<http://www.schneier.com/essay-019.html>

~~~
jayfuerstenberg
Thanks for the link. Can't imagine how I missed this.

------
josh2600
I might be too late to jump in here, but here are my thoughts on TwoFactor
authentication using "unique"* biometrics.

If I scan my fingerprint in to authenticate or scan my retina, on a device
that knows my physical location, that is a more literal check-in than anything
that exists today. Essentially a check-in would have near absolute certainty
that the actual person authenticating was at that place at that time.

That's scary to me; one may have a GPS on their phone today, but that's the
phones identity, not the owners. If one signs ones credit cards with a thumb
print or a retina scan, one is proving beyond any shadow of a doubt that one
was present at that place at that time.

This may or may not be something one wants and one should be conscious of the
realities of biometric authentication.

*Just because no one has presented a copy of a retina that can pass a retina scan does not mean one does not exist.

~~~
wamatt
_> That's scary to me; one is proving beyond any shadow of a doubt that one
was present at that place at that time._

To some, I imagine they feel could the opposite: Reassurance against wrongful
accusations of crimes not committed.

------
lenazegher

        The so-called "Internet of things" adds another wrinkle. Barrett talked about
        development of refrigerators that can sense what food is inside them and
        automatically order replacement groceries. Perhaps such technology will be
        commonplace in a few years—and your refrigerator will need a way to pay for food.
    
        "It begs the question, do you really want your refrigerator to know your PayPal
        password?" Barrett said. "Unless we can solve that problem, life is not going to
        be good."
    

This is a problem that has already been solved. You create an authentication
system that supports different privilege levels. You create a secret key for
your fridge on a secure device (after authentication with your _password_ ).
You then transfer this custom-made secret key to your fridge which gives it
the privilege to spend no more than X amount on groceries to a small list of
trusted vendors.

The biometric solution discussed in the article doesn't even solve this
problem. Do you really want your fridge to store your fingerprint or retina
data?

The part I have a hard time understanding: even if you register your phone as
a trusted device and scan your fingerprint on your phone to log in to paypal,
all your phone is doing is sending a secret key to paypal's servers (where's
it's presumably hashed and stored).

How does that solve the problems the article identifies?

    
    
        "Left to their devices users will pick horrible passwords and then they'll
        reuse them all over the place," Barrett said.
         
        Various data breaches have exposed millions of user IDs and passwords.
        While passwords are typically exposed in an obscured or "hashed" form,
        increasingly powerful processors and password cracking programs allow
        even novice hackers to convert them into plain text
    

Biometrics _forces_ you to use the same secrets to authenticate yourself with
every service, and if weak security allows an attacker to reveal the
"plaintext" equivalent of your fingerprint or retina scan, you're _fucked_.

Any system that's used to increase the security, entropy or uniqueness of your
biometrics for each site you register with could equally be used to protect a
single, strong master password instead. At least you could change that if it
somehow got hacked.

------
nwh
> A USB stick loaded with FIDO software could also work, allowing users to
> authenticate to computers they don't own.

Much easier. Malware will just switch to stealing those instead.

~~~
icebraining
If it's a custom made stick, and not just some dumb mass-storage, it could do
the crypto authentication in the stick itself, without ever copying the
private key to the main device. It's basically how smartcards work.

~~~
nwh
So a Yubikey then.

~~~
zabuni
They are a part of FIDO.

------
codex
Sounds like the person who's sitting next to me in the coffee shop will be
able to log in to my bank if he loads the web page faster than I do.

------
jmspring
When I was at IronKey, we had the same sort of idea -- add security via two
factor authentication. That second factor? A physical token, in this case a
USB drive w/ on board crypto chip (think USB drive as a smartcard).

That pretty much went not too far.

Anything that requires you to carry an additional device is doomed to failure.

~~~
cpeterso
What the problem with the physical token the cost, the configuration, or just
lazy users?

------
rdl
If they do this in an open way, it will be one of the best changes for the
Internet in a long time. If it is done I. A closed way, a great force for
evil. Devil is in the details for sure.

Something g which lets users delegate their security to some kind of sent, and
then authenticate to it with various challenges (including biometrics), and
allows a cooperative s unity policy between users and administrators (where
each action has a different risk profile, so sending money to a pre approved
account is low auth required vs something like changing your auth
credentials...) is the solution. Not sure if this is it.

------
duaneb
So now the problem has been reduced to any one of n biometric data, that you
can NEVER change? That seems lovely.

~~~
gcr
There are a certain class of biometrics called "Revocable biometrics." You
combine the biometric data with a password, and you can revoke it by merely
forgetting a password.

------
chrisfarms
<http://fidoalliance.org/>

Looks worryingly "closed".

~~~
FramesPerSushi
Oh wow, I think they might be colour blind.

<http://i.imgur.com/EQCRE5P.png>

------
visural
Why would you want your phone to be the key to your most secure data?

Also from what I've seen in the past most finger print scanning and cheap,
"organic" identity verification tech is not reliable and easily circumvented.

Despite not being perfect, basic password authenication (or even better- pass-
phrase) is a security mechanism that's easily understood, easy to implement
and can be pretty secure.

(Although still possible to do badly/incorrectly as we keep seeing).

~~~
acabal
Not just that, but in lesser-developed countries biometric identification can
be dangerous. If you get mugged for your ATM card, you can tell them your PIN
and they'll let you go, free to repeatedly use your card until you freeze it.
But if you need a fingerprint to authenticate, they're going to let you go
too, and maybe with one less finger.

Not really a concern in America, but in other places like Mexico, Latin
America, India, Asia...

~~~
duaneb
> Not really a concern in America, but in other places like Mexico, Latin
> America, India, Asia...

Well it would be if biometrics became widespread.

~~~
gcr
India's uID project has the biometrics and identity information of over 327
million civilians. This means they've reached about a third of their goal of
creating a nation-wide identity and biometrics database.

[https://en.wikipedia.org/wiki/Unique_Identification_Authorit...](https://en.wikipedia.org/wiki/Unique_Identification_Authority_of_India)

------
nayefc
Well, a "PayPal exec". I think we can skip reading this article :)

------
nick2021
This is just what we need. Idiots from Paypal shaping the interwebs.

~~~
RKearney
Rumor has it that if someone gets offended at a post you wrote online and
reports you, PayPal will freeze all of your online accounts in one fell swoop.

~~~
chris_mahan
Fell indeed.

