{"id":45646,"date":"2021-07-07T13:10:20","date_gmt":"2021-07-07T17:10:20","guid":{"rendered":"http:\/\/pappp.net\/?guid=1e0c2af46411fa90742df3dceb8439d9"},"modified":"2021-07-07T13:10:20","modified_gmt":"2021-07-07T17:10:20","slug":"why-the-password-isnt-dead-quite-yet","status":"publish","type":"post","link":"https:\/\/pappp.net\/?p=45646","title":{"rendered":"Why the password isn\u2019t dead quite yet"},"content":{"rendered":"<p class=\"syndicated-attribution\">Source: <a href=\"https:\/\/arstechnica.com\/?p=1778652\">Ars Technica<\/a><\/p>\n<div style=\"background-color : #fff7d5;\n\t\t\tborder-width : 1px; padding : 5px; border-style : dashed; border-color : #e7d796;margin-bottom : 1em; color : #9a8c59;\">Article note: Passwords win because they are _disposable_.    \n\nI don't _want_ to give random internet hustler #83445 more information about or access to me for them to misuse or to be leaked in their next breach.  I don't want to give a phone number that will be used for marketing purposes after they get bought out, install an intrusive app on my phone, hand over biometric data that they'll totally hash properly like they fail to do passwords, let randos leave tracking residue on my machine, or accrue a pile of expensive variously-incompatible physical tokens to manage.<\/div><div>\n<figure><img src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2013\/08\/long-password-640x426.jpg\" alt=\"Not exactly a 25-character, randomized string of numbers, letters, cases, and symbols. \" referrerpolicy=\"no-referrer\" loading=\"lazy\"\/><p>Not exactly a 25-character, randomized string of numbers, letters, cases, and symbols.  (credit: Dan Goodin)<\/p>  <\/figure><div><a name=\"page-1\"><\/a><\/div>\n<p>There are certain sci-fi promises the future is supposed to hold: <a href=\"https:\/\/www.wired.com\/story\/richard-browning-iron-man-jetpack-suit-flying-video\/\" rel=\"noopener noreferrer\">jetpacks<\/a>, <a href=\"https:\/\/www.wired.com\/story\/future-of-transportation-kitty-hawk-self-flying-cars\/\" rel=\"noopener noreferrer\">flying cars<\/a>, a <a href=\"https:\/\/www.wired.com\/2016\/09\/elon-musk-colonize-mars\/\" rel=\"noopener noreferrer\">Mars colony<\/a>. But there are also some seemingly more attainable goals that somehow also always feel just on the horizon. And one of the most tantalizing is the end of passwords. The good news is that the infrastructure&mdash;across all the major operating systems and browsers&mdash;is largely in place to support passwordless login. The less-good news? You're still plugging passwords into multiple sites and services every day, and you will be for a while.<\/p>\n<p>There's no doubt that passwords are an absolute <a href=\"https:\/\/www.wired.com\/2012\/11\/ff-mat-honan-password-hacker\/\" rel=\"noopener noreferrer\">security nightmare<\/a>. Creating and managing them is annoying, so <a href=\"https:\/\/www.wired.com\/story\/what-is-credential-stuffing\/\" rel=\"noopener noreferrer\">people often reuse them<\/a> or choose easily guessable logins&mdash;or both. Hackers are <a href=\"https:\/\/www.wired.com\/story\/fancy-bear-russia-brute-force-hacking\/\" rel=\"noopener noreferrer\">more than happy<\/a> to <a href=\"https:\/\/www.wired.com\/story\/mystery-malware-stole-26-million-passwords-from-windows-computers\/\" rel=\"noopener noreferrer\">take advantage<\/a>. By contrast, passwordless logins authenticate with attributes that are innate and harder to steal, like biometrics. No one's going to guess your thumbprint.<\/p>\n<p>You likely already use some version of this when you unlock your phone, say, with <a href=\"https:\/\/www.wired.com\/story\/tried-to-beat-face-id-and-failed-so-far\/\" rel=\"noopener noreferrer\">a scan of your face<\/a> or your finger rather than a passcode. Those mechanisms work locally on your phone and don't require that companies store a big trove of user passwords&mdash;or your sensitive biometric details&mdash;on a server to check logins. You can also now use <a href=\"https:\/\/www.wired.com\/story\/yubikey-series-5-fido2-passwordless\/\" rel=\"noopener noreferrer\">stand-alone physical tokens<\/a> in certain cases to log in wirelessly and without a password. The idea is that, eventually, you'll be able to do that for pretty much everything.<\/p><\/div><p><a href=\"https:\/\/arstechnica.com\/?p=1778652#p3\" rel=\"noopener noreferrer\">Read 15 remaining paragraphs<\/a> | <a href=\"https:\/\/arstechnica.com\/?p=1778652&amp;comments=1\" rel=\"noopener noreferrer\">Comments<\/a><\/p><div>\n<a href=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?a=zqlmedKWQZk:Iqd7ioSGazY:V_sGLiPBpWU\" rel=\"noopener noreferrer\"><img src=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?i=zqlmedKWQZk:Iqd7ioSGazY:V_sGLiPBpWU\" border=\"0\" referrerpolicy=\"no-referrer\" loading=\"lazy\"\/><\/a> <a href=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?a=zqlmedKWQZk:Iqd7ioSGazY:F7zBnMyn0Lo\" rel=\"noopener noreferrer\"><img src=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?i=zqlmedKWQZk:Iqd7ioSGazY:F7zBnMyn0Lo\" border=\"0\" referrerpolicy=\"no-referrer\" loading=\"lazy\"\/><\/a> <a href=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?a=zqlmedKWQZk:Iqd7ioSGazY:qj6IDK7rITs\" rel=\"noopener noreferrer\"><img src=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?d=qj6IDK7rITs\" border=\"0\" referrerpolicy=\"no-referrer\" loading=\"lazy\"\/><\/a> <a href=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?a=zqlmedKWQZk:Iqd7ioSGazY:yIl2AUoC8zA\" rel=\"noopener noreferrer\"><img src=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?d=yIl2AUoC8zA\" border=\"0\" referrerpolicy=\"no-referrer\" loading=\"lazy\"\/><\/a>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Not exactly a 25-character, randomized string of numbers, letters, cases, and symbols.  (credit: Da&#8230;<\/p>\n<p> <a href=\"https:\/\/pappp.net\/?p=45646\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226],"tags":[],"class_list":["post-45646","post","type-post","status-publish","format-standard","hentry","category-news-2"],"_links":{"self":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/45646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=45646"}],"version-history":[{"count":0,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/45646\/revisions"}],"wp:attachment":[{"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=45646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=45646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=45646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}