The end of passwords?

[Ironcat]

Although the article below doesn't yet refer to complete password free method, I am seeing it in other instances where your meta data is being used to prove whether it's really you or not.

------------------------------

Google is testing password-free logins
14 Hours Ago

Google's quest to kill the password is gathering steam.

The U.S. search giant confirmed on Tuesday it is testing a way for users to log its in to services using just their smartphone and no password.

"We've invited a small group of users to help test a new way to sign-in to their Google accounts, no password required. 'Pizza', 'password' and '123456'—your days are numbered," the company said in a statement.

A user needs to authorize their mobile device to allow them to login with it. Then they would put their Gmail address into a Google login page on their desktop for example. A user will then get a message which reads, "trying to sign in?", after which they must open the notification. They are then able to sign in without a need for a password.

The login steps and trial were first flagged up by Reddit user Rohit Paul.

Users are still able to use their password to sign in to Google services if they wish, so even if the phone dies or isn't nearby, you can still log in. The alternative login method also only works on a phone that has a password-protected screen unlock, or a fingerprint identification method, so if you lose your phone, nobody else can log in to your accounts.

Passwords are often targeted by hackers in so-called phishing attacks, where they may send a scam email to an unsuspecting user asking for a password. Also, many people use the same password for several accounts and this is often a weak spot.

Google has been trialing other ways to bolster its security. The search giant already enables so called two-factor authentication, where a user is sent a text message with a code that they use to sign in to Google services.

Security has been a big focus for technology companies recently amid an increasing threat from hackers. Earlier this year, Yahoo released a similar no password login feature for its services called Yahoo Account Key.

http://www.cnbc.com/2015/12/23/google-is-testing-password-free-logins.html

 

[Justcrazy]

Good move.

 

[JaDed]

Finally, too hard to remember so many passwords glad someone is taking initiatives but what if the phone is stolen?

 

[Duncan_Ferguson]

so hackers can simply mimick the metadata ? .... doesn't seem like a lasting solution

 

[Varun]

I particularly dislike websites which ask for you to setup a more difficult password: at least one special character (except *), numeral, strictly one uppercase and lowercase character blah blah.

And the next time you want to login you'll have to click 'Forgot Password' and set one up all over again.

 

[JaDed]

I particularly dislike websites which ask for you to setup a more difficult password: at least one special character (except *), numeral, strictly one uppercase and lowercase character blah blah.

And the next time you want to login you'll have to click 'Forgot Password' and set one up all over again.

Dominos pizza is an example of that..nowadays i just login through gmail for that.

 

[Varun]

Dominos pizza is an example of that..nowadays i just login through gmail for that.

That's a terrible website. So 2005.

I find their entire operation to be a scam, starting with their supposed 30-minutes nahi toh free deal.

 

[DrSchultz]

Guys just use LastPass and remember one strong password for all your sites!

 

[ExplicitAI]

The fingerprint for the IPhone 6 works like a charm

 

[#GreenRoars]

Lol, stupid idea.

 

[Ironcat]

How many people here use a password manager? I think DrSchultz likes Lastpass. Anyone else using a manager?

 

[sweep_shot]

Isabelle, an actor based in London, had her identity stolen in 2017. "I got home one day and found my post box had been broken into," she says.

"I had two new credit cards approved which I hadn't applied for, and a letter from one bank, saying we've changed our mind about offering you a credit card."

She spent £150 on credit checking services alone trying to track down cards issued in her name.

"It's a huge amount of work and money", says Isabelle, who asked for her last name to be withheld.

Identity theft is at an all-time high in the UK. The UK's fraud prevention service CIFAS recorded 190,000 cases in the past year, as our increasingly digitised lives make it easier than ever for fraudsters to get their hands on our personal information.

So how should we keep our identities secure online? The first line of defence is, more often than not, a password.

But these have been in the news lately for all the wrong reasons. Facebook admitted in April that the passwords of millions of Instagram users had been leaked.

Late last year, question-and-answer website Quora was hacked with the names and email addresses of 100 million users compromised. And Yahoo! recently settled a lawsuit over the loss of data belonging to 3 billion users, including email addresses, security questions and passwords.

No wonder that Microsoft announced last year that the company planned to kill off the password, using biometrics or a special security key.

IT research firm Gartner predicts that by 2022, 60% of large businesses and almost all medium-sized companies will have cut their dependence on passwords by half.

"Passwords are the easiest approach for attackers," says Jason Tooley, chief revenue officer at Veridium, which provides a biometric authentication service.

"People tend to use passwords that are easy to remember and therefore easy to compromise."

Not only would getting rid of passwords improve security, it would also mean IT departments would not have to spend valuable time and money resetting forgotten passwords.

"There is an annual cost of around $200 (£150) per employee associated with using passwords, not including the lost productivity," says Mr Tooley.

"In a large organisation that's a really significant cost."

Source: https://www.bbc.com/news/business-49877317.

 

[globalcitizen]

I have been using 2 step authentication now for all google based services and iPhone touch authentication for storing passwords for various websites.

 

[PakLFC]

Not comfortable with it. Need a password for online banking in particular. Some online activity is to personal for me to not have one.