Jump to content
N-Europe

Alternatives to passwords?

flameboy

By flameboy
in General Chit Chat

 Share

Recommended Posts

flameboy Newbie

flameboy

Posted
Posted

With the recent ebay hacks, kickstarter, playstation a few years ago it's becoming increasingly obvious that passwords are not fit for purpose. At this point I feel like if someone wants to get them they will. So what viable alternatives do we have today to protect our shit.

Link to comment
Share on other sites
Jimbob Rookie

Jimbob

Posted
Posted
Which is a fucking ballache when I have one password to remember as well as having to remember a second password to generate a third.

 

I was thinking it would be every time you need to access something, unless it's from a "saved" access point (aka a PC, Mac, tablet etc) then it would generate a code that would be sent to your phone. This would be required to access said services.

 

You'd only need to remember the one password, never the code.

 

Google's 2-step service is probably the next stage in all verification.

Link to comment
Share on other sites
Ike Enthusiast

Ike

Posted
Posted

Everyone should use 2 step verification where it's available. It's not really an alternative to passwords since it uses both but it's super secure.

 

Google have added a way to log you into a ChromeOS device just by having your phone nearby, but I'm not sure if I like that "solution".

Link to comment
Share on other sites
EEVILMURRAY Enthusiast

EEVILMURRAY

Posted
Posted
I was thinking it would be every time you need to access something, unless it's from a "saved" access point (aka a PC, Mac, tablet etc) then it would generate a code that would be sent to your phone. This would be required to access said services.

 

You'd only need to remember the one password, never the code.

You'd think so. But to get the third no-need-to-memorise-because-it-keeps-changing code you need to have a second code. So to get to my online banking, I have to do the following:

Enter my unique bank thing.

Enter my password question.

[Enter the password on my Smart Key to get another number]

Enter the new number given.

Finally - Access.

 

To give this a bit more context:

Enter my unique bank thing: AB1234567890

Enter my password question: JIMBOBSWALLOWS

[Enter the password on my Smart Key to get another number] 1234 - Given 123 456

Enter the new number given [123 456]

 

It's a bit of a shit when all I wanna do is check my balance.

Link to comment
Share on other sites
Jimbob Rookie

Jimbob

Posted
Posted
You'd think so. But to get the third no-need-to-memorise-because-it-keeps-changing code you need to have a second code. So to get to my online banking, I have to do the following:

Enter my unique bank thing.

Enter my password question.

[Enter the password on my Smart Key to get another number]

Enter the new number given.

Finally - Access.

 

To give this a bit more context:

Enter my unique bank thing: AB1234567890

Enter my password question: JIMBOBSWALLOWS

[Enter the password on my Smart Key to get another number] 1234 - Given 123 456

Enter the new number given [123 456]

 

It's a bit of a shit when all I wanna do is check my balance.

 

Yeah, i can see that issue. Online banking has so many passwords and codes to be able to access it, i take it you are with HSBC the same as myself?

 

Have to remember the online ID number, then the password to the question. Then a 3rd code to access that smart thing to give you a 6 digit code. Kind of a chore to access, but it is secure (of which you don't think it is when you forget one code and find it impossible to access otherwise)

Link to comment
Share on other sites
Cube Community Regular

Cube

Posted
Posted
You'd think so. But to get the third no-need-to-memorise-because-it-keeps-changing code you need to have a second code. So to get to my online banking, I have to do the following:

 

The Google thing works like this

 

- Enter username/password

- Unlock phone

- Open App

- Enter code.

Link to comment
Share on other sites
Charlie Newbie

Charlie

Posted
Posted
You'd think so. But to get the third no-need-to-memorise-because-it-keeps-changing code you need to have a second code. So to get to my online banking, I have to do the following:

Enter my unique bank thing.

Enter my password question.

[Enter the password on my Smart Key to get another number]

Enter the new number given.

Finally - Access.

 

To give this a bit more context:

Enter my unique bank thing: AB1234567890

Enter my password question: JIMBOBSWALLOWS

[Enter the password on my Smart Key to get another number] 1234 - Given 123 456

Enter the new number given [123 456]

 

It's a bit of a shit when all I wanna do is check my balance.

 

The Bank of Scotland app, which is fantastic, asks you for:

 

Your password, it's then stored if you want

3 letters from your security code

 

Very quick just to log on. I assume that ify ou get the 3 letters wrong a few times then it will lock you out.

 

 

Logging onto work remotely I need my username/password as usual. 4 digit security number for the RSA Secure ID app, then the unique key it generates.

 

Google's 2-Step verification is great because the app is linked to your account so need for a password to get into the app.

 

2-step verification is the way forward as it is so much more secure. You can set different phone numbers up if you don't have access to your mobile.

Link to comment
Share on other sites
Guy Newbie

Guy

Posted
Posted (edited)

I like what PayPal do. Logging in requires me to send an SMS message to my phone with a code. Only with that code will the login work.

 

Santander also requires a password and then a second password to access online banking.

 

Blizzard don't do too badly with their authenticators either. The issue is having this kind of service for everything would be a nightmare.

Edited by Guy
Link to comment
Share on other sites
Rummy Newbie

Rummy

Posted
Posted

My bloooooooooooood.

 

Or...hmm. I'm not sure. The problem lies surely in that whatever method you use the 'server side' has to store something for the verification by yourself? I don't yet understand(nor in the state to) the whole 2-step verification thing, but I'd say it's difficult to separate whatever you're using to access unless it's a hardware/similar specific thing?

 

Internet banking wise, mine asks for an id number, then a memorable piece of data, then 3 placed characters from a bigger pass phrase - I've always liked this idea on the back of bruteforce hackers and keyloggers(the placed characters are clicked rather than typed) - but again it does little to nothing if the hack is done 'server side'.

Link to comment
Share on other sites
flameboy Newbie

flameboy

Posted
  • Author
Posted
I like what PayPal do. Logging in requires me to send an SMS message to my phone with a code. Only with that code will the login work.

 

Santander also requires a password and then a second password to access online banking.

 

Blizzard don't do too badly with their authenticators either. The issue is having this kind of service for everything would be a nightmare.

 

A nightmare yes I'd rather have my data secure though.

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...