Users warming up to replacing traditional passwords with next-level authentication


Batu69

On the heels of Google disclosing its plans to replace conventional Android device passwords with biometrics-based trust scores, a new study has come to light in which 52 percent of surveyed consumers said they would prefer a more modern authentication method over traditional username and password mechanisms.

 

The study, from customer identity management firm Gigya, compiled responses from 4,000 consumers across the U.S. and U.K., including Millennials, Gen Xers and Baby Boomers. According to the survey, 29 percent of respondents would prefer using two-factor authentication, while another 20 percent expressed an affinity for biometrics.

Of the survey-takers who expressed a preference, 80 percent agreed that biometrics was more secure than traditional usernames and passwords, a statistic that would only seem to validate Google's strategy to overhaul its devices' user authentication technology. Last week at Google's I/O 2016 developer conference, the company announced that by the end of the year Android devices will determine whether or not a user is authorized based on an individual's facial scans, swiping patterns, typing speed, voice patterns, current location and physical gait.

 

Combined, these various data points would create a cumulative trust score that must reach a predetermined threshold in order for the user to be granted access. A recent TechCrunch report covered the conference, during which the head of Google's ATAP research unit, Daniel Kaufman, said, “We have a phone, and these phones have all these sensors in them. Why couldn't it just know who I was, so I don't need a password? I should just be able to work.”

Such advances in authentication technology are desperately needed, if the Gigya survey is truly representative of the current state of credentials security. For instance, only 16 percent of respondents have created a unique password for each of their online accounts. For this very reason, Reddit just forced a reset of 100,000 user passwords, following the news of the LinkedIn data breach.

Moreover, 56 percent use passwords such as names and birthdates, which are easily guessable and thus not secure. And 68 percent said that at one time or other, they abandoned the process of creating an online account because the password requirements were too strict and complex.

It's bad habits like these that can lead to a surge in account takeovers. Indeed, the survey found that within the last 12 months, more than 25 percent of respondents had an online account compromised, including 35 percent of Millennials, who based on their survey responses appear to have the laziest password habits among the three studied generations. (For instance, only 33 percent of Millennials said that they never create simple, easy-to-guess passwords, compared to 53 percent of Baby Boomers and 42 percent of Gen Xers.)

 

“Within the next 10 years, traditional passwords will be dead as an authentication form,” Patrick Salyer, CEO of Gigya, said in a press release. “Consumer-focused brands require modern customer identity management infrastructures that support newer, more secure authentication methods, such as biometrics. Businesses that are already using advanced authentication methods demonstrate increased customer registration and engagement while enjoying greater login convenience and security.”

 

Download: Gigya passwords study

Article source

Link to comment
Share on other sites


Welcome to the future.

Passwords can be reset by cloning people's cellphones and entering the wrong password in their accounts, retina scans can be obtained from selfies, fingerprints from hacking server's databases or even "social hacking", and "facial recognition", wow, too easy.

The advantage of plain passwords is they can be changed. Hack someone's biometrics, and that's it. You can clone them forever.

I guess someone must be breaking out the champagne. Party time. I won't say who. I phear all those government agencies.....

;)

Link to comment
Share on other sites


10 minutes ago, Pequi said:

Welcome to the future.

Passwords can be reset by cloning people's cellphones and entering the wrong password in their accounts, retina scans can be obtained from selfies, fingerprints from hacking server's databases or even "social hacking", and "facial recognition", wow, too easy.

The advantage of plain passwords is they can be changed. Hack someone's biometrics, and that's it. You can clone them forever.

I guess someone must be breaking out the champagne. Party time. I won't say who. I phear all those government agencies.....

;)

Yes, the FBI is getting ready for this too. I read about it today.

https://www.eff.org/deeplinks/2016/05/fbi-ngi-privacyact

Link to comment
Share on other sites


Retina scans cannot be copied from a picture.

The quality is not up to the quality of being face-to-face with the reader.

You 'crack' a server's database, it's not hacked.

Facial recognition is the new-kid-on-the-block, but I see it the same as retina recognition.

The myth about removing someone's fingerprints by slicing off their skin is a joke.

I think the way to go is make sure it's password based, maybe a minimum of twelve (12) characters, that include at least three (3) number key characters, three (3) numbers, an underscore and a couple of spaces.

That's how I roll blud.

To create a recognition system that is makes sure this is the case.

I remember olde skool cracking, like lamers Yahoo chat user names.

They used their names or Disney characters as passwords.

Some even a series of zeros or same letters.

I blame the end user usually for security risks.

Sometimes one finds that the head of a database uses their child's name, their wife's or girlfriend's name or a Disney character name like Goofy.

Also, myself I have unique Hotmail accounts, unique means let's say [email protected], I don't have that, but you understand hopefully what I mean by unique, not [email protected].

M.P.s, head of database and security, high rank workers in businesses, head teachers, leader of a Northern Council, leader of a Southern Council, school teachers and everyday Joes and Denises.

Another thing with respect to that, make those important use a .gov.uk email account or their i.s.p. email given to them by default.

These people gave out my unique email as theirs, as they're too stupid.

Wow, the amount of top secret and confidential information I received, it was so bad the press could have had a field day.

The amount of opportunities I had to enter the back door of a server and help myself to information not for general use.

I am not a grass, so I contacted the relevant bodies and got them to deal with it.

I did find out three (3) people lost their jobs.

There are many ways where stupid creates a security risk, so on the other hand biometrics and other recognition systems are booted into touch too!

Link to comment
Share on other sites


Biometrics may be new to you but the FBI has been collecting them since 2008, so it's not new to them at all.

Quote

Since 2008, the FBI has been assembling a massive database of biometric information on Americans. This database, called Next Generation Identification (NGI),

Link to comment
Share on other sites


5 hours ago, steven36 said:

Bio-metrics may be new to you

but the FBI  has been collecting  them since 2008

They collect Medical Records, too. :whistle:

Link to comment
Share on other sites


CODYQ4X, has chip-n-pin reached the U.S.A. yet?

Been here in the U.K. at least ten (10) years.

I ask this as I was watching a repeat from Malcolm in the Middle and Hal robbed Malcolm of his new credit card at a ski lodge and no chip-n-pin was used to defraud Malcolm's account.

The episode is about ten (10) years old.

Link to comment
Share on other sites


6 hours ago, pc71520 said:

They collect Medical Records, too. :whistle:

The thing is, the FBI said that biometrics is only 85% accurate, meaning there's a 15% chance someone may look like you and you get arrested anyways, and there's a small chance someone may look like you and could get in your account, but it's very slim that someone who looks like you would target you. But the system is flawed. If it ever gets to the point I have to use my face like an ID or driver's permit just to log on forums and stuff, I will no longer log in nowhere unless I need to buy something, and I should not have to it then. The internet has always been flawed. I can go down to the shops and buy something with cash and just give them money and walk out. They may have CCTV but it don't matter because I've not done nothing and I didn't have to give them my name to buy it. It will kill the internet; only people who don't care about their privacy will be left.

Link to comment
Share on other sites


The "security industry's" fairy tale:

https://www.sans.org/reading-room/whitepapers/authentication/biometric-scanning-technologies-finger-facial-retinal-scanning-1177

The truth:

Iris scans can be obtained from photos, or hacked from databases.

Faking them is "old"

https://www.wired.com/2012/07/reverse-engineering-iris-scans/

Retina scans can be obtained from medical records, or hacked from databases. Many businesses store them.

Fingerprints can easily be obtained with social engineering by simply handing a glass of water to someone, then scanning the fingerprint and even 3D printing the "finger". Or by hacking databases.

Two pass account authentication, with the password reset sent to your mobile - how naive.

Facial scans? Won't even bother to explain.

The bottom line. If someone gets their hands on your biometrics, no matter what new bank account you open, which new store you buy from, what new site you visit, you are p4n3D for life. Unless you burn your face, dip your fingers in acid and shove a nail into your eyes. That'll work, until the next hack.

Not so with plain passwords. They can easily be hacked from databases or obtained by phishing, but they can also even more easily be CHANGED.

Biometrics only interest the "bad" guys. The average guy ALWAYS loses.

What's next, mandatory implanted RFID chips? They were hacked 10 years ago.

Welcome to 1984.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.
