
Today I saw a question about password usage in cars. Have we developed anything besides passwords for IT? Is there any other solution out there for my common-folk-direct-to-business-client-power-paying-user? Besides having to log in with a password, are there any alternatives to this? I saw this question here about password alternatives, and this made me think as well; the question is a little old right now. Is someone working on a new way to provide security to software not based on passwords?

I saw things like this "image file" idea, and yes, I know about the "Don't roll your own", so, I'm not trying to do anything like that.

TL;DR: Are there any major players on Security Information working on an alternative for password systems?

I intend to learn about modern systems or research on the subject of systems that do not use any kind of password-based scheme. This includes any kind of alphanumerical combination that the user has to memorize to access the system.

Malavos
  • Biometrics and MFA are the 2 major initiatives. – schroeder Aug 20 '15 at 19:13
  • @schroeder Hi there! If you would like to answer with real applications done with those two methods, that would be awesome! :D – Malavos Aug 20 '15 at 19:18
  • What do you mean "real applications"? – schroeder Aug 20 '15 at 19:24
  • Is there any deployed software that uses these kinds of authentication that you spoke of? – Malavos Aug 20 '15 at 19:25
  • There are literally thousands (millions). My phone uses my fingerprint (biometrics) to unlock certain apps (Lastpass), and MFA is becoming a standard in many web apps (banks, Google, Microsoft, etc.) – schroeder Aug 20 '15 at 19:29
  • Yes, but, of all those you spoke of that I know, for instance, my bank account here in Brazil uses MFA, but still, it uses a password. I'm asking about systems and patterns that do not use a password in their system. Microsoft MFA still uses a password as well. Windows 10 has, for example, the biometric API and support for it on the system - but it can all be bypassed with the password, if you want. I'm asking about research or applications that do not use any kind of password input, a real alternative to it. Should I edit my question to make that more clear? – Malavos Aug 20 '15 at 19:37
  • You HAVE to include a password alternative to biometrics because the possibility for changes to your body is high. For MFA, there are multiple packages that rely on the token, OTP, code, SMS text, NFC signal, etc. as the sole access method, but also provide the ability to enter a password (in case of a lost device). The password is a backup. Passwords will ALWAYS be a backup, just as a hardware key will be a backup to a password-protected car. – schroeder Aug 20 '15 at 19:41
  • @schroeder so you mean that there will never be any kind of password-free system? Or no one is making any kind of system that considers that? – Malavos Aug 20 '15 at 19:46
  • It all comes down to the MFA structure: something you know, something you are, and something you have. What you are changes over time (just ask pregnant ladies), something you have can be lost (just ask me), but something you know can persist the longest without modification (just ask my co-worker's Post-It note). Passwords are the most reliable, even though they are the most insecure. That's why combining them is seen as the better method, and why they will be used as a backup. – schroeder Aug 20 '15 at 19:52
  • The best solution I have seen is a wristband that tracks your heart. It constantly updates itself with the changes to your heart's function. It's expensive and buggy at the moment, and the potential for the band to be used to diagnose heart problems is too risky to be used in corporate environments (privacy issues). – schroeder Aug 20 '15 at 19:55
  • I see! Well, I'll keep the post open for alternatives to it (if anyone knows any) and for future reference. This discussion itself was really great for me. If you want to post any of its contents as an answer... Feel free to do so! :D – Malavos Aug 20 '15 at 20:08
  • Hey @schroeder. When you said "something you are", you mean a concept like so? http://security.stackexchange.com/questions/47019/isnt-it-less-secure-to-use-something-you-are-for-authentication In this case, "being" is a crucial part of the MFA chain as well? – Malavos Aug 20 '15 at 20:17

0 Answers