When will the era of passwords come to an end?

by
in security on (#2RYV)
I personally have to manage upwards of 180 passwords on a regular basis and lots of folks deal with more than that. Sure, you can simplify by reusing passwords, but common sense says that's a bad idea. But better systems inevitably require you to manage them in a password app or equivalent, which opens another vulnerability, as cracking that data store can net a crook your entire password collection. Clearly, there's progress to be made here.
The reported theft of 1.2 billion email passwords by Russian hackers earlier this month was just the latest in a long string of major password security breaches that have led some people to wonder if the use of passwords should be abandoned.
But given recent breaches of systems and so on, the BBC is asking the inevitable question: has the flawed password system finally reached its end, and if so, what will replace it? Check out their review of alternatives, including digital portraits, voice recognition, and more.

What about Pipedotters: how do you manage your passwords, and which direction makes sense for this not-evolving-fast-enough technology?

random passwords (Score: 1)

by seriously@pipedot.org on 2014-09-01 19:18 (#2RZ1)

So far, for websites I use pseudo-random passwords (generated using "$ openssl rand -base64 24") and I let the browser memorize them (but I don't export it to my backups). So only my browser password to remember. The day they get erased or I change laptop, I guess I'll just click on the "Forgot your password?" links wherever I need it. And websites I never visit? Oh well, I don't need them anyway (I'm pretty sure I've lost my slashdot credentials a long time ago and I have zero intention to get them back :-) )

As for ssh (or ssh-based) connections, I use public/private key pairs with passphrases. I only have 3 different pairs of keys so far, so only 3 different passphrases to remember.

I would actually be interested in knowing which tool to use to manage all my passwords outside of the browser and still have them auto-complete when I log into a website.

I would be even more interested in some easy smartcard-like technology where I would use one of my USB sticks with my GPG key on it to manage all of that. Step 1: format USB key and fill it with some sort of GPG key. Step 2: plug the USB key into laptop (+ maybe some 2-step verification?). Step 3: identified. Step 4: the moment you unplug the USB key, you're offline.

But I know nothing about security or cryptography, so probably this is all highly insecure and/or dumb ...