flameboy Posted May 22, 2014
With the recent eBay hacks, Kickstarter, PlayStation a few years ago it's becoming increasingly obvious that passwords are not fit for purpose. At this point I feel like if someone wants to get them they will. So what viable alternatives do we have today to protect our shit?
The Peeps Posted May 22, 2014
Fingerprint / voice recognition? There's probably always going to be ways to hack data though :p
Cube Posted May 22, 2014
2-Step Verification. An app on your phone which gives you a changing code (like those bank key things) that you need to access your Google account. You also get a list of codes that you can print and put in a safe place in case you can't access your phone.
EEVILMURRAY Posted May 22, 2014
> An app on your phone which gives you a changing code (like those bank key things)
Which is a fucking ballache when I have one password to remember as well as having to remember a second password to generate a third.
Jimbob Posted May 22, 2014
> Which is a fucking ballache when I have one password to remember as well as having to remember a second password to generate a third.
I was thinking it would be every time you need to access something, unless it's from a "saved" access point (aka a PC, Mac, tablet etc) then it would generate a code that would be sent to your phone. This would be required to access said services. You'd only need to remember the one password, never the code. Google's 2-step service is probably the next stage in all verification.
Ike Posted May 23, 2014
Everyone should use 2 step verification where it's available. It's not really an alternative to passwords since it uses both but it's super secure. Google have added a way to log you into a ChromeOS device just by having your phone nearby, but I'm not sure if I like that "solution".
EEVILMURRAY Posted May 23, 2014
> I was thinking it would be every time you need to access something, unless it's from a "saved" access point (aka a PC, Mac, tablet etc) then it would generate a code that would be sent to your phone. This would be required to access said services. You'd only need to remember the one password, never the code.
You'd think so. But to get the third no-need-to-memorise-because-it-keeps-changing code you need to have a second code. So to get to my online banking, I have to do the following:
Enter my unique bank thing.
Enter my password question.
[Enter the password on my Smart Key to get another number]
Enter the new number given.
Finally - Access.
To give this a bit more context:
Enter my unique bank thing: AB1234567890
Enter my password question: JIMBOBSWALLOWS
[Enter the password on my Smart Key to get another number] 1234 - Given 123 456
Enter the new number given [123 456]
It's a bit of a shit when all I wanna do is check my balance.
Jimbob Posted May 23, 2014
> You'd think so. But to get the third no-need-to-memorise-because-it-keeps-changing code you need to have a second code. So to get to my online banking, I have to do the following:
> Enter my unique bank thing.
> Enter my password question.
> [Enter the password on my Smart Key to get another number]
> Enter the new number given.
> Finally - Access.
> To give this a bit more context:
> Enter my unique bank thing: AB1234567890
> Enter my password question: JIMBOBSWALLOWS
> [Enter the password on my Smart Key to get another number] 1234 - Given 123 456
> Enter the new number given [123 456]
> It's a bit of a shit when all I wanna do is check my balance.
Yeah, I can see that issue. Online banking has so many passwords and codes to be able to access it, I take it you are with HSBC the same as myself? Have to remember the online ID number, then the password to the question. Then a 3rd code to access that smart thing to give you a 6 digit code. Kind of a chore to access, but it is secure (of which you don't think it is when you forget one code and find it impossible to access otherwise)
Cube Posted May 23, 2014
> You'd think so. But to get the third no-need-to-memorise-because-it-keeps-changing code you need to have a second code. So to get to my online banking, I have to do the following:
The Google thing works like this - Enter username/password - Unlock phone - Open App - Enter code.
Charlie Posted May 23, 2014
> You'd think so. But to get the third no-need-to-memorise-because-it-keeps-changing code you need to have a second code. So to get to my online banking, I have to do the following:
> Enter my unique bank thing.
> Enter my password question.
> [Enter the password on my Smart Key to get another number]
> Enter the new number given.
> Finally - Access.
> To give this a bit more context:
> Enter my unique bank thing: AB1234567890
> Enter my password question: JIMBOBSWALLOWS
> [Enter the password on my Smart Key to get another number] 1234 - Given 123 456
> Enter the new number given [123 456]
> It's a bit of a shit when all I wanna do is check my balance.
The Bank of Scotland app, which is fantastic, asks you for:
Your password, it's then stored if you want
3 letters from your security code
Very quick just to log on. I assume that if you get the 3 letters wrong a few times then it will lock you out.
Logging onto work remotely I need my username/password as usual. 4 digit security number for the RSA SecurID app, then the unique key it generates.
Google's 2-Step verification is great because the app is linked to your account so need for a password to get into the app. 2-step verification is the way forward as it is so much more secure. You can set different phone numbers up if you don't have access to your mobile.
Guy Posted May 23, 2014 (edited)
I like what PayPal do. Logging in requires me to send an SMS message to my phone with a code. Only with that code will the login work. Santander also requires a password and then a second password to access online banking. Blizzard don't do too badly with their authenticators either. The issue is having this kind of service for everything would be a nightmare.
Edited May 24, 2014 by Guy
Rummy Posted May 23, 2014
My bloooooooooooood. Or...hmm. I'm not sure. The problem lies surely in that whatever method you use the 'server side' has to store something for the verification by yourself? I don't yet understand (nor in the state to) the whole 2-step verification thing, but I'd say it's difficult to separate whatever you're using to access unless it's a hardware/similar specific thing? Internet banking wise, mine asks for an id number, then a memorable piece of data, then 3 placed characters from a bigger pass phrase - I've always liked this idea on the back of bruteforce hackers and keyloggers (the placed characters are clicked rather than typed) - but again it does little to nothing if the hack is done 'server side'.
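Added example, not part of any post in this thread: a sketch of the "changing code" and printed backup codes Cube describes, and of what the server has to store for them, which is the question Rummy raises. It assumes the phone app implements TOTP (RFC 6238); the `SecondFactor` class is a hypothetical name, and the secret and backup code in the demo are constructed sample values.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP (RFC 4226) over the count of `step`-second intervals."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _digest(code: str) -> str:
    return hashlib.sha256(code.encode()).hexdigest()

class SecondFactor:
    """Server-side record for one account (hypothetical name, not a real API)."""

    def __init__(self, secret: bytes, backup_codes: list):
        # The server needs the TOTP secret itself to recompute codes, so it
        # cannot be stored as a one-way hash the way a password can.
        self.secret = secret
        self.last_counter = -1                   # highest time step already used
        # Backup codes are random and only compared, so hashes are enough.
        self.backup_hashes = {_digest(c) for c in backup_codes}

    def check_totp(self, code: str, now: int, step: int = 30, window: int = 1) -> bool:
        current = now // step
        for counter in range(current - window, current + window + 1):
            if counter <= self.last_counter:     # refuse replay of a used step
                continue
            expected = totp(self.secret, counter * step, step)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_counter = counter
                return True
        return False

    def check_backup(self, code: str) -> bool:
        digest = _digest(code)
        if digest in self.backup_hashes:
            self.backup_hashes.remove(digest)    # each printed code works once
            return True
        return False

if __name__ == "__main__":
    account = SecondFactor(b"12345678901234567890", ["constructed-code-1"])
    print(account.check_totp("287082", now=59))   # accepted
    print(account.check_totp("287082", now=59))   # replay rejected
    print(account.check_backup("constructed-code-1"))
```

The `window` parameter tolerates one step of clock drift between phone and server; the replay check means a code seen once cannot be reused inside that window.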
flameboy (Author) Posted May 26, 2014
> I like what PayPal do. Logging in requires me to send an SMS message to my phone with a code. Only with that code will the login work. Santander also requires a password and then a second password to access online banking. Blizzard don't do too badly with their authenticators either. The issue is having this kind of service for everything would be a nightmare.
A nightmare, yes. I'd rather have my data secure though.