There must be smarter security than a ban on dumb passwords

[Kevin Lancaster]

There must be smarter security than a ban on dumb passwords

In cyberspace we are facing password fatigue, caused by having to recall endless streams of unrelated numbers and letters at odd times.

 

[Mike Hoxbig]

Dumb passwords are actually the answer. But the non-mathematically-inclined IT geniuses think they know better...

 

[Swa]

Only problem is, once they hack you they've hacked you forever. The real solution is something you carry with you that can be changed like a flash drive.

zeitgeist

 

[deweyzeph]

LastPass. Just saying.

 

[Lupus]

Yup and IT departments keep pushing the 45 day password refresh. Cause nothing says secure like Jun3 2016 or wifes name plus a number and a special character.
Instead of allowing me to enter in a sentence I can remember I need to have special characters and numbers and and

 

[Openhost]

I like this https://getclef.com/features/

 

[Arthur]

What I find a little irritating is that many websites still limit the password length. I've taken to using sentences in classical or obscure languages, and it really grates when I can't use my current eleven-word quote from an obscure but memorable phrase from Ovid, with a number and special char sprinkled in. I need password fields that can take sixty characters.

 

[Swa]

I like this https://getclef.com/features/

Every time a user logs in, they will be uniquely identified with their fingerprint using Apple's Touch ID technology. With secure biometrics, you can trust that your users are who they say they are.

If a user's device doesn't support Touch ID, Clef securely falls back to a PIN on the device — there's always a second-factor.

That isn't 2-factor, it's simply an extra backup method.

 

[Openhost]

Security on a Windows machine is hardly any factor, i just mentioned that I liked it, have you seen the videos of clef? Its quite cool. Although, you will have to have your phone with you. Still nice though.

That isn't 2-factor, it's simply an extra backup method.

 

[backstreetboy]

There must be smarter security than a ban on dumb passwords

In cyberspace we are facing password fatigue, caused by having to recall endless streams of unrelated numbers and letters at odd times.

There is. It's called 2FA... Microsoft is just pissing in the dark. Instead of advertising it they ban weak passwords. With 2FA enabled your passwords can be weaker.

 

[Arthur]

There is. It's called 2FA... Microsoft is just pissing in the dark. Instead of advertising it they ban weak passwords. With 2FA enabled your passwords can be weaker.

Ja. Just make sure your second factor can't be hijacked, like some of the banking/SMS scams.

Where possible, I use an authenticator app on the phone to generate TOTP/HOTP security tokens from RFC6238. The only risk is were my phone to fall into a scamster's hands before I can change the 2FA on my profile for that site.