Page 2 of 2 FirstFirst 12
Results 17 to 31 of 31

Thread: Microsoft asserts that "It’s time to kill the password"

  1. #17
    Hexus.Jet TeePee's Avatar
    Join Date
    Jul 2003
    Location
    Gallup, NM
    Posts
    5,369
    Thanks
    131
    Thanked
    756 times in 446 posts

    Re: Microsoft asserts that "It’s time to kill the password"

    I carry physical tokens for some of the computers I use. They are cards with chips like debit cards, that require both the physical presence of the card in the card reader, along with a password to access. I would not use this for a personal system!

  2. #18
    Admin (Ret'd)
    Join Date
    Jul 2003
    Posts
    18,481
    Thanks
    1,016
    Thanked
    3,208 times in 2,281 posts

    Re: Microsoft asserts that "It’s time to kill the password"

    Quote Originally Posted by TeePee View Post
    I carry physical tokens for some of the computers I use. They are cards with chips like debit cards, that require both the physical presence of the card in the card reader, along with a password to access. I would not use this for a personal system!
    Indeed. I have a little plastic fob with an encryption key that, in combination with a password, grants access. Neither is sufficient by itself.

  3. #19
    Senior Member Xlucine's Avatar
    Join Date
    May 2014
    Posts
    2,160
    Thanks
    297
    Thanked
    188 times in 147 posts
    • Xlucine's system
      • Motherboard:
      • Asus TUF B450M-plus
      • CPU:
      • 3700X
      • Memory:
      • 16GB @ 3.2 Gt/s
      • Storage:
      • Crucial P5 1TB (boot), Crucial MX500 1TB, Crucial MX100 512GB
      • Graphics card(s):
      • EVGA 980ti
      • PSU:
      • Fractal Design ION+ 560P
      • Case:
      • Silverstone TJ08-E
      • Operating System:
      • W10 pro
      • Monitor(s):
      • Viewsonic vx3211-2k-mhd, Dell P2414H

    Re: Microsoft asserts that "It’s time to kill the password"

    Quote Originally Posted by DaMoot View Post
    Passwords are secure enough when used appropriately. If you're using a randomized 8-10 digit or longer password that contains no dictionary words or names, you're pretty much set. Find something that's easy for *you* to remember and there's absolutely no problem with passwords.

    The idiots who use 'password' and '12345678' deserve, 100% deserve, to be hacked. End of sentence. End of story. Period.

    What's sad, is that I used to work for a medical group in Southern California with about 17 doctors. Not quite half of them insisted upon threat of cancellation of our IT contract that they continue to be allowed to use their passwords like 'Password' and 'Password123', and that we not inconvenience the doctors or MAs or RNs with needing to remember a complicated password. We tried to convince them for over 10 years to be more secure.

    Yep. Some of your medical records are being secured somewhere in the world with the password 'Password' or 'Password123'.
    Nothing wrong with dictionary words, even sticking to the 3000 most common words gives acceptable levels of entropy with just 5 words (~10^17) and is much easier to remember. You'd need 9 alphanumeric characters to equal the entropy (assuming 72 possible states, for lowercase, uppercase, 10 digits and 10 common punctuation symbols), and that's 9 entities to remember vs 5

  4. #20
    Registered+
    Join Date
    Jul 2016
    Posts
    24
    Thanks
    0
    Thanked
    1 time in 1 post

    Re: Microsoft asserts that "It’s time to kill the password"

    It might stop the brute force hacks but what about when someone manages to steal the biometric data from a compromised app or website then 3D prints it onto a plastic thumb? At least you can change your password...

  5. #21
    Senior Member
    Join Date
    Aug 2008
    Posts
    682
    Thanks
    31
    Thanked
    105 times in 75 posts
    • adidan's system
      • Motherboard:
      • MSI B450M Mortar Max
      • CPU:
      • R5 3600
      • Memory:
      • 32Gb 3200Mhz Crucial Ballistix Sport
      • Storage:
      • Corsair MP510 m.2 480Gb / 2xCrucial M500 1Tb0
      • Graphics card(s):
      • Zotac GTX1080 Mini
      • PSU:
      • 750W EVGA G3
      • Case:
      • CM NR400 Noctua Redux filled
      • Operating System:
      • W10 64 Bit
      • Monitor(s):
      • 27" 1440p Iiyama XUB2792QSU

    Re: Microsoft asserts that "It’s time to kill the password"

    I get a bit annoyed by companies implying users are always at fault with regards to data loss.

    I've only ever had any breaches of my data thanks to companies being slack.

    With regards personal responsibility, nowadays you're probably safer writing down very complicated passwords and keeping them safe in your house - less likely to be burgled than having an easy password worked out.
    Grab that. Get that. Check it out. Bring that here. Grab anything useful. Take anything good.

  6. #22
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Microsoft asserts that "It’s time to kill the password"

    Quote Originally Posted by DaMoot View Post
    Passwords are secure enough when used appropriately. If you're using a randomized 8-10 digit or longer password that contains no dictionary words or names, you're pretty much set.
    Well done if you can remember a different random 10 character string for every site and mailbox and app you use that needs one - unless you use a password manager when the compromise of one password compromises the lot! Passwords like that tend to get written down.

    As was posted recently, a dictionary word still gives a high level of entropy. Combine two or three to form a phrase, joined by some non alphanumeric character and you have a reasonably secure set up. The real protection to weaker passwords is a lockout system that locks the user out for a set period of time after (say) three unsuccessful attempts.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  7. #23
    Senior Member
    Join Date
    May 2009
    Location
    Where you are not
    Posts
    1,330
    Thanks
    607
    Thanked
    103 times in 90 posts
    • Iota's system
      • Motherboard:
      • Asus Maximus Hero XI
      • CPU:
      • Intel Core i9 9900KF
      • Memory:
      • CMD32GX4M2C3200C16
      • Storage:
      • 1 x 1TB / 3 x 2TB Samsung 970 Evo Plus NVMe
      • Graphics card(s):
      • Nvidia RTX 3090 Founders Edition
      • PSU:
      • Corsair HX1200i
      • Case:
      • Corsair Obsidian 500D
      • Operating System:
      • Windows 10 Pro 64-bit
      • Monitor(s):
      • Samsung Odyssey G9
      • Internet:
      • 500Mbps BT FTTH

    Re: Microsoft asserts that "It’s time to kill the password"

    a large number of users still regularly use passwords such as 'password' or '12345' to secure their access/data
    Or in the case of the company I work for, someone decided that our handhelds that hold customer data should be secured with "1234".

    It's fine blaming users and everything, but when the companies can be the issue with sloppy processes in place? Anyway, I'm happy with my passwords that are all completely and utterly random and recovery of them should I forget is protected by 2FA.

    Microsoft isn't getting my biometric data, even if stored locally, I simply don't trust them with it.

  8. #24
    Senior Member
    Join Date
    Sep 2014
    Posts
    231
    Thanks
    0
    Thanked
    13 times in 10 posts

    Re: Microsoft asserts that "It’s time to kill the password"

    Quote Originally Posted by LSG501 View Post
    um... how exactly will this work with people like me who don't have (or even own in my case) a webcam on their pc, don't have a mic/headset and don't have any other form of 'security' option like a fingerprint sensor.

    I'm not going out to buy something just because someone says passwords are outdated....
    They are not removing passwords but adding bio-metric functions into the OS instead of users buying a separate piece of software to do it.

  9. #25
    Senior Member Xlucine's Avatar
    Join Date
    May 2014
    Posts
    2,160
    Thanks
    297
    Thanked
    188 times in 147 posts
    • Xlucine's system
      • Motherboard:
      • Asus TUF B450M-plus
      • CPU:
      • 3700X
      • Memory:
      • 16GB @ 3.2 Gt/s
      • Storage:
      • Crucial P5 1TB (boot), Crucial MX500 1TB, Crucial MX100 512GB
      • Graphics card(s):
      • EVGA 980ti
      • PSU:
      • Fractal Design ION+ 560P
      • Case:
      • Silverstone TJ08-E
      • Operating System:
      • W10 pro
      • Monitor(s):
      • Viewsonic vx3211-2k-mhd, Dell P2414H

    Re: Microsoft asserts that "It’s time to kill the password"

    Quote Originally Posted by peterb View Post
    Well done if you can remember a different random 10 character string for every site and mailbox and app you use that needs one - unless you use a password manager when the compromise of one password compromises the lot! Passwords like that tend to get written down.

    As was posted recently, a dictionary word still gives a high level of entropy. Combine two or three to form a phrase, joined by some non alphanumeric character and you have a reasonably secure set up. The real protection to weaker passwords is a lockout system that locks the user out for a set period of time after (say) three unsuccessful attempts.
    Just toss in another dictionary word. Counting on my keyboard, there's about 34 difference punctuation characters easily available. Factor in that, for a password with 5 words & a punctuation character, there's 6 possible permutations for the order (doesn't matter what order the words are in, since they're unknown to the brute force attempt), and you've gained a factor of 204 increase in entropy. Add in another word, OTOH, and even limited to the 3000 most common words (and most adults know >20,000!) you've added a factor of 3000 to the entropy (>14 times better!).

    Dictionary words, all lowercase. Strongest password there is that can still be remembered.

  10. Received thanks from:

    peterb (29-12-2017)

  11. #26
    Registered+
    Join Date
    Oct 2015
    Posts
    56
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: Microsoft asserts that "It’s time to kill the password"

    Although the idea of not using and having to remember passwords is appealing, I'm not sold on the tech yet. I'll wait and see what comes next.

  12. #27
    sig
    sig is offline
    Registered+
    Join Date
    Feb 2016
    Posts
    30
    Thanks
    0
    Thanked
    2 times in 2 posts

    Re: Microsoft asserts that "It’s time to kill the password"

    If you want good password, just get a sentence, and put first letter for every word. Like iywgp,jgas,apflfew frome previous. Easy do remember, and be like random, so very strong if have more that few character. Adding a big letter and numbers easily.

  13. #28
    HEXUS.Squirrel Output's Avatar
    Join Date
    Nov 2007
    Posts
    2,239
    Thanks
    994
    Thanked
    451 times in 316 posts
    • Output's system
      • Motherboard:
      • Gigabyte AORUS Master X570
      • CPU:
      • AMD Ryzen 9 3950X
      • Memory:
      • 32GB (2x16GB) DDR4 Kingston Fury Renegade @ 3600MHz CL16
      • Storage:
      • Sandisk Ultra 3D 2TB
      • Graphics card(s):
      • Sapphire Nitro+ RX 7800 XT
      • PSU:
      • EVGA SuperNOVA 750 G3
      • Case:
      • bequiet Dark Base Pro 900 Rev.2
      • Operating System:
      • Windows 10 Pro x64

    Re: Microsoft asserts that "It’s time to kill the password"

    '12345'? That's amazing! I have the same combination on my luggage!

    As for it being time to kill the password, it's clear to me that technology is not yet at a point for it to be reliably feasible. Even if it was, I'd most likely prefer to stay with the password route due to the sensitivity of biometric data as Saracen said.

  14. #29
    Member
    Join Date
    Jan 2013
    Posts
    136
    Thanks
    0
    Thanked
    2 times in 2 posts

    Re: Microsoft asserts that "It’s time to kill the password"

    Quote Originally Posted by peterb View Post
    Quote Originally Posted by DaMoot View Post
    Passwords are secure enough when used appropriately. If you're using a randomized 8-10 digit or longer password that contains no dictionary words or names, you're pretty much set.
    Well done if you can remember a different random 10 character string for every site and mailbox and app you use that needs one - unless you use a password manager when the compromise of one password compromises the lot! Passwords like that tend to get written down.

    As was posted recently, a dictionary word still gives a high level of entropy. Combine two or three to form a phrase, joined by some non alphanumeric character and you have a reasonably secure set up. The real protection to weaker passwords is a lockout system that locks the user out for a set period of time after (say) three unsuccessful attempts.
    Add to that when the ones you are trying to make an account with won't accept your long password then, their reason in my mind is moot, has happened to several places i tried to make an account. Best one was the bank

  15. #30
    Registered+
    Join Date
    Aug 2017
    Posts
    76
    Thanks
    0
    Thanked
    2 times in 2 posts
    • Fury559's system
      • Motherboard:
      • GA-Z77-D3H
      • CPU:
      • 3570k 4.5ghz
      • Memory:
      • 4x4GB 1866mhz
      • Graphics card(s):
      • EVGA GTX 1070 FTW
      • PSU:
      • EVGA P2 1000w
      • Case:
      • Fractal Design Define R4
      • Operating System:
      • W10 64 Bit
      • Monitor(s):
      • XF270HU

    Re: Microsoft asserts that "It’s time to kill the password"

    Quote Originally Posted by sleepy4970 View Post
    Big Brother is watching with gleeful interest...
    If I start having to do Biometrics I'll stop with the internet.

  16. #31
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,710
    Thanks
    1,841
    Thanked
    1,431 times in 1,055 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: Microsoft asserts that "It’s time to kill the password"

    Quote Originally Posted by sig View Post
    If you password is leaked, you can change it.

    But if you biometric is leaked, you can only rely nobody use that in wrong way. There is no 100% reliable biometric scan, even DNA test can failed / be false. And what worse, you have the same "password" for every site, so anonymity are no longer available.
    This ^ with bells and whistles and big FO klaxon and neon flashing lights. Biometric data cannot be changed but can be hacked. Plus I don't want generic websites getting any of my biometric information - I'll stick with passwords thanks, and so should we all. It's a crack-pot idea to do this, and so open to big-brother exploitation. MS gets everyone's face and other info... then sets up cameras in public places to recognise you and advertise, track, monitor etc etc. NO THANK YOU. (and I don't think that's being fanciful, iirc FB already have publicly admitted they are working on targetted public-space advertising in a similar way)

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •