SoylentNews is people
SoylentNews
from the isn't-it-about-time-to-move-on dept.
Submitted via IRC for TheMightyBuzzard
A global study from IBM Security examining consumer perspectives around digital identity and authentication today, found that people now prioritize security over convenience when logging into applications and devices.
Generational differences also emerged showing that younger adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security.
With millennials quickly becoming the largest generation in today's workforce, these trends may impact how employers and technology companies provide access to devices and applications in the near future. Overall, respondents recognized the benefits of biometric technologies like fingerprint readers, facial scans and voice recognition, as threats to their digital identity continue to mount.
Source: https://www.helpnetsecurity.com/2018/01/29/authentication-today/
(Score: 4, Insightful) by stretch611 on Tuesday January 30 2018, @08:06AM (2 children)
Biometrics are a good replacement for userids. They are horrible for passwords; they are too easy to fake, and impossible to alter even when compromised.
Multifactor sadly is questionable in most cases and more often than not used to get more personal information about you that companies do not need to know. Companies don't give a damn about your private information... they only want the cheapest "security theater [wikipedia.org]"
-- many ask for personal questions for authentication or password resets. However, many of these questions can be answered by anyone who can read your facebook or other social media. This makes them like a second password only worse because they are much easier to guess. Why try to crack a password when you can figure out the name of the person's hometown and reset their password for them?
-- (non)Random number generators, like SecurID and others are a good thought... However, a few years ago they were hacked making their devices useless. And that will always be the case... once the company providing it has the authentication for a good number of users, it becomes a prime target and it becomes a question of when, not if they will be hacked.
-- Steam and Gmail want to text you via your cell phone a "random" auth code. Personally, my game library is not worth the effort, and I would rather not give my cell phone out to every f-ing company in the world that I do business with. They have my home email... they can send the code there... just as valid and I can cut and paste the code which makes it easier for me than to type it. Especially if it is small type or uses 0/O, 1/l, S/5 or many of the other combinations that are hard to determine on a small screen or small font.
Password Managers are the best option... but only if you don't do it half-assed. LastPass(and others)... hell no... Any online password manager is only one hack away from you losing everything. And trust me, any server with that number of users and that many passwords is constantly under attack. Browser based storage is just as bad if not worse. Every modern browser is updated monthly with security fixes... Good that they are working on it, but it just proves how insecure they are.
I use KeePassX [keepassx.org]. Stored on a local drive. Requiring a 4096 byte key file AND a password. (Mine is over 15chars, with numbers, upper, lower, and symbols.) No chance in hell of me using any type of plugin to automate the process. A backup is stored on a flash drive and the key file separately.
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 1, Interesting) by Anonymous Coward on Tuesday January 30 2018, @01:20PM
Not even remotely, or at least not if you care about privacy. I like the ability to enter random, different userids on sites that I register on.
(Score: 2) by etherscythe on Tuesday January 30 2018, @07:12PM
This is exactly the reason I use Password Safe, by none other than Bruce Schneier himself. It's nice that there's an app that can paste as a keyboard replacement as well. The only inconvenience is in synchronizing my password database between desktop and phone. I understand there's also an app for that now.
"Fake News: anything reported outside of my own personally chosen echo chamber"