Passwords to go?

(updated 2018.5.10, 2019.4.9)

ZDNet has a post on how Microsoft is working to eliminate passwords.

“For Microsoft, multi-factor authentication and biometrics is seen as a good replacement for passwords — using a physical key, and/or your face or fingerprint to log into your device instead of a string of letters and numbers.”

So, we have yet another “key” (more like a USB plug) on our key rings, to forget and leave behind someplace plugged into the computer. I work in a library – do you know how often people forget USB flash drives?  Often, despite our warnings.  Some people should just give up and buy a retractable key ring reel for their belt.

Or we have our faces, which have already been counterfeited with photos (and if your photo i.d. is stolen from online, how do you change your face?!?!).

And there’s fingerprints. Better enter all of them, because if you have a bandage on them (oops! hot object!), it’s useless. And the same problem as faces – even easier to counterfeit (does your smartphone sense real flesh? Mine can be fooled with a stylus) and your fingerprints are impossible to replace if stolen from online storage.

This might not be the answer for a while, yet.  Keep working, Microsoft.


Oh, I see the browsers are doing this.

“That’s thanks to an emerging W3C standard called Web Authentication or WebAuthn, which is enabled by default in Firefox 60 and is coming later this month to Chrome 67, and Microsoft Edge. It’s also under consideration for Safari.

By removing passwords, the WebAuthn API will make phishing attacks a lot harder and gives users more convenient authentication choices, including hardware security key dongles such as a YubiKey device, fingerprint readers on smartphones, or facial-recognition systems like the iPhone X’s Face ID.”

I don’t have a dongle, and my staff computer has no camera or touch screen. So the Firefox 60 I just updated to wants me to start logging in to sync all the stuff I can’t use.

No, thanks, at this point.

(updated April 9, 2019)

And here we go: Cybercrime is selling full digital fingerprints already. Didn’t take long, did it?



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: