

Beyond passwords: New tools to identify humans - kanamekun
http://bits.blogs.nytimes.com/2013/09/10/beyond-passwords-new-tools-to-identify-humans/

======
lucb1e
> last month, it was discovered that even passwords as long as 55 characters
> could be broken.

I stopped reading there. This is utter bullshit.

If 55 is doable, then 16 should be peanuts (like, many orders of magnitude
easier). Here crack this _md5 hash_ for me: 2419219bcd13f7a6dfebeca7cf94108e.
We all know md5 is broken, right? By the way, this was generated by using:

    head -c 16 /dev/urandom | md5sum


Of course we can crack 200-character passwords if we can make an educated
guess at what it might be, but we can't break truly good passwords as short as
10 characters, even if a one-round md5 hash was used. This "revelation" is
nothing more than FUD and may be completely ignored. Passwords are not broken.
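
A worked version of the argument above, added here and not part of the thread: guess resistance is the entropy of the process that produced the password, not its character count. The MD5 guess rate is an assumed figure, not a measurement.

```python
import math

# Assumed single-round MD5 guess rate for the calculation below (not measured).
ASSUMED_MD5_GUESSES_PER_SECOND = 1e11
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of a secret built from `picks` uniform selections among `choices`."""
    return picks * math.log2(choices)


def expected_years(bits: float, rate: float = ASSUMED_MD5_GUESSES_PER_SECOND) -> float:
    """Expected time to hit a uniformly random secret: half the keyspace on average."""
    return (2 ** (bits - 1)) / rate / SECONDS_PER_YEAR


# Generation processes as (label, characters produced, uniform picks, choices per pick).
# The wordlist size and the "guessable quotations" count are constructed assumptions.
PROCESSES = [
    ("16 raw bytes from /dev/urandom (the md5sum preimage)", 16, 16, 256),
    ("10 random printable ASCII characters", 10, 10, 95),
    ("55-character phrase: 10 words from a 5000-word list", 55, 10, 5000),
    ("55-character well-known quotation, one of 1e6 guessable phrases", 55, 1, 10**6),
]


def rank_processes(processes=PROCESSES):
    """Return (label, length, bits, years) rows, strongest process first."""
    rows = []
    for label, length, picks, choices in processes:
        bits = entropy_bits(choices, picks)
        rows.append((label, length, round(bits, 1), expected_years(bits)))
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for label, length, bits, years in rank_processes():
        print(f"{bits:6.1f} bits  {years:10.3g} years  ({length} chars)  {label}")
```

The 55-character quotation ranks last despite being the longest string, which is the "educated guess" case; the 16 raw bytes rank first even though MD5 is a single fast round.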

~~~
zeckalpha
Some of the characters you used are not allowed by many password systems. This
decreases the entropy quite a bit, but still not enough to make your point
invalid.

------
murtza
Another way to identify users is by the speed and rhythm they type their
username and password.

For example, let's think about a hypothetical company that sells a per-seat
license to a database, that wants to determine if multiple people are using a
license for a single seat without false positives. The easiest case to detect
are multiple concurrent logins from different IPs. However, if the
service/database is used less frequently and concurrent logins would not
occur, then it will be harder to catch. Detecting this is made more
challenging because one user might login from different IPs, computers,
operating system, browsers, etc.
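
A minimal version of the typing-rhythm check described in the comment above, added here as an example and not part of the thread or of any product: enroll per-key-pair latencies from earlier logins, then score a new login by how far its rhythm sits from that profile. All timings are constructed, and the threshold is an assumed starting value.

```python
from statistics import mean, pstdev

# Constructed enrollment data (not real measurements): inter-key latencies in
# milliseconds between the six key pairs of one short username, captured on
# five earlier logins by the licensed seat holder.
ENROLLED_LOGINS = [
    [120, 95, 140, 110, 130, 100],
    [125, 90, 150, 105, 128, 98],
    [118, 99, 138, 112, 135, 104],
    [122, 93, 145, 108, 131, 101],
    [119, 97, 142, 111, 129, 99],
]


def build_profile(samples, min_spread=1.0):
    """Per-key-pair (mean, std dev) of latency. The spread is floored so a
    perfectly consistent pair cannot divide by zero or dominate the score."""
    columns = zip(*samples)
    return [(mean(col), max(pstdev(col), min_spread)) for col in columns]


def anomaly_score(profile, login):
    """Mean absolute z-score of a new login's latencies against the profile:
    near 0 for the enrolled typist, large for a different rhythm."""
    return mean(abs(x - m) / s for (m, s), x in zip(profile, login))


def matches_seat_holder(profile, login, threshold=3.0):
    """Decision rule. The threshold is an assumed starting point; tune it on
    real enrollment data and expect drift across keyboards and devices, which
    is the false-positive risk the comment raises."""
    return anomaly_score(profile, login) < threshold


if __name__ == "__main__":
    profile = build_profile(ENROLLED_LOGINS)
    same_person = [121, 96, 141, 109, 130, 102]  # constructed
    someone_else = [210, 180, 95, 240, 60, 190]  # constructed
    for login in (same_person, someone_else):
        print(round(anomaly_score(profile, login), 2),
              matches_seat_holder(profile, login))
```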

~~~
Vendek
Apparently that exists as a service already
([https://www.keytrac.net/](https://www.keytrac.net/)). Crazy.

------
Mindless2112
For physical authentication, vein scanning [1] seems pretty neat -- though
it's no more a replacement for passwords than a fingerprint is.

[1]
[https://www.youtube.com/watch?v=eDo0W1tEkpk](https://www.youtube.com/watch?v=eDo0W1tEkpk)

------
ranman
I like the idea of a device/app you keep on your person or maintain on your
phone versus something biometric. There may be times when I want to enable a
loved one to log in for me or if I become incapacitated I'd like for someone
else to have the ability to unlock my info. For those reasons Clef seems to be
about the right amount of functionality and device dependence for me.

------
jayfuerstenberg
Biometrics aren't secrets and cannot replace passwords but they can complement
them perhaps.

For instance, I can think of identical twins who don't want the other to see
their private photos etc...

~~~
malandrew
They also should complement them so that the combination remains revokable.
Using a biometric marker standalone is dangerous if that marker is somehow
compromised.

~~~
jayfuerstenberg
Indeed.

What scares me is the idea of a cop at a random checkpoint forcing your finger
onto your iPhone against your will to gain access to its contents.

A password is so much better in such a scenario.

~~~
ygra
In some jurisdictions they can force you to give that up, too. Or hold you in
jail until you do. UK comes to mind.

------
joseflavio
In my opinion there are 2 main issues with Biometrics:

- The first is that it may identify you with precision but it can not tell
  your will, so basically, you can force someone to use the sensor.
- The second issue is that it does not allow you to give authorization to a
  third party in exceptional situations.

~~~
pilif
and third: You can't change whatever attribute of yours is being measured when
the data leaks out by accident. And fourth: You always share the same
attribute with every service identifying you.

We've already seen password databases being compromised. If that happens, you
change your password and move on. If biometric data leaks out, you a) can't
change your attribute and b) you will have shared that attribute with other
parties.

Biometric data is WAY worse than passwords.

~~~
derefr
To me, that seems to suggest that biometrics aren't really _passwords_ (which
are private, and authenticate you), so much as they are _usernames_ (which are
public, and identify you.)

Just like a username, you can know/have someone else's thumbprint, and "type
it in" for the identification phase of login. And just like a username, you
need a password in addition, in order to test that you're really who you say
you are.

The main difference is that biometrics, unlike usernames, are unique to a
person (two people in separate places can't _decide_ to use the same
thumbprint without knowing about each-other), so there's no equivalent to
trying to log into a machine by using the top 50 most common username+password
combinations. In other words, biometrics can always be compromised by HUMINT,
and sometimes, given a flawed implementation, by SIGINT--but they're
completely immune to MASINT
([http://en.wikipedia.org/wiki/Measurement_and_signature_intel...](http://en.wikipedia.org/wiki/Measurement_and_signature_intelligence)).

Another way to think about it: fingerprints and the like are pretty much UUIDs
you're assigned at birth. Just like a textual UUID, anyone who can read it can
replicate it or retransmit it fairly easily. There's no security there. What
there is, is _collision-prevention._ Nobody will be using a UUID you just
generated unless they're _trying_ to collide with it, specifically. If they
just generate their own UUIDs, they'll never pick yours by coincidence. Much
easier to detect and flag malicious logins once you can be sure that there's
no chance of accidental collisions (e.g., someone just typing in their
username-on-some-other-machine that happens to be already owned by someone
else on this one.)

------
yannis
When I pass away my daughter will get an envelope with all my passwords. I
would still like her to be able to open all my accounts.

------
educating
> At the same time, biometric sensors raise questions of security. When
> Apple’s sensor was announced on Tuesday, a flurry of skepticism and privacy
> concerns erupted online even though Apple said users’ fingerprints would be
> stored only on the phone — not sent to online servers or made available to
> app developers.

Yes, the thumbprint is going to be the bane of the iPhone 5s. It is a horrible
idea. They think phones are completely personal. They aren't. I share mine
with my daughters all of the time. Sometimes my wife needs to use it. It is
going to be a problem.

I'm not sure if thumbprints are worse or Microsoft's racist facial recognition
that wouldn't recognize very dark African Americans.

~~~
w4
The 5S lets you add other people's thumbprints in addition to your own to
unlock the phone.

