Advertisement

User authentication without storing pw's

Started by March 04, 2018 05:58 PM
32 comments, last by hplus0603 6 years, 8 months ago
3 minutes ago, hplus0603 said:

I highly recommend LastPass or 1password. They have good mobile and browser plug-ins, and for that one time you need to enter a password on a Playstation, the mobile app can show you the appropriate password in cleartext with numbers colored differently from letters (!)

 

This is kind of what I was talking about before. Now we have apps to manage passwords that needs a password...I don't care about all these passwords. They are side effects of me wanting information/entertainment. There has to be a better way. In my view text me a reasonable length access code and I'll enter it. No more remembering any passwords and it's quick and easy. Everyone has a phone, everyone texts. I wish it worked like that and it seems to slowly be nudging that way. Can't come soon enough.

I'll most likely be using Steams API though I guess. Pretty standard and accepted by most PC gamers.

On a more philosophical note, I think we are rapidly approaching the end of the password whether we like it or not. My phone has facial recognition, my laptop has a fingerprint scanner. Most services on both mobile and desktop stay logged in for months or even years at a time, or leverage one of those hardware-biometric options to renew their logins.

As a result, by the time I have to type in one of these passwords, there's no hope that I remember which of the 50-100 passwords a particular service correlates to. I could use one password for everything, but that's insecure. I do use LastPass, but that's basically an inconvenient stopgap for some concept of "universal login" (it's especially painful on mobile, where I either use Lastpass's own crippled web browser, or badly copy/paste credentials).

In so far as I can, I approximate universal login by delegating logins to widespread platforms. Mobile apps mostly just use Apple's concept of identity. Games use Steam/Blizzard/Origin/XBox. Most online sites that support federated login, I tie to one of Google/Facebook/Twitter.

I long for the day when we see sufficient consolidation of authentication that I can federate everything through a single set of password+2fac, that is indefinitely sticky on my personal devices.

Tristam MacDonald. Ex-BigTech Software Engineer. Future farmer. [https://trist.am]

Advertisement

Now we have apps to manage passwords that needs a password

Yes, but it's a single password. Which is not that different from having a single ID card/driver's license.

Btw: You should make that single password a "correct horse battery staple" so you can remember it and it's very hard to crack.

(The number of words and such that you want to include varies by your assumptions about strength and attacks.)

 

enum Bool { True, False, FileNotFound };

This topic is closed to new replies.

Advertisement