Submitted via IRC for TheMightyBuzzard
A global study from IBM Security examining consumer perspectives around digital identity and authentication today, found that people now prioritize security over convenience when logging into applications and devices.
Generational differences also emerged showing that younger adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security.
With millennials quickly becoming the largest generation in today's workforce, these trends may impact how employers and technology companies provide access to devices and applications in the near future. Overall, respondents recognized the benefits of biometric technologies like fingerprint readers, facial scans and voice recognition, as threats to their digital identity continue to mount.
Source: https://www.helpnetsecurity.com/2018/01/29/authentication-today/
(Score: 2) by janrinok on Tuesday January 30 2018, @02:28PM
I deliberately do not do this although I can understand the convenience that it would provide. I would rather cut and paste; the web page only has access to whatever I paste in the window. I could add a few more lines of code so that it is already in the buffer and a Ctrl-V is all that is required. It cannot discover where I get that data from or how it was generated, indeed I can change the location of the program freely as long as I know how to run it. At home, it isn't even running on the same machine that I use to access the internet.
For example, I have the same program, data and processing rules on a memory stick so that I can travel with it or use another computer other than my own. After I have removed the stick there is nothing on the host machine to compromise it. If the memory stick is lost, stolen or seized by LE it might compromise my random data and processing rules, but without knowing what 'key' I type in to access a specific password it is unlikely to produce the correct data for anyone else. And that is assuming that whoever finds it recognises what it is or what it might be used for.
If you use the output of MD5SUM someone already knows the length of your password and the valid character set, although that is certainly much more secure than a simple passphrase. However, I realise that many websites only accept a very limited character set anyway. I have also found a few sites that only look at the first n characters so any more than that is ignored. Any additional effort on our part will achieve nothing in terms of additional security. I don't tend to use those sites often as I seriously doubt their commitment to keeping my data safe.