Usernames and passwords are the de facto standard for accessing user accounts on the web, so it’s likely that if your users have accounts, that’s the way you have them sign in. Keeping up with best practices for handling passwords can be hard, but is important for your users’ safety. Here’s a quick list of the things you should be doing to secure your passwords today. Is it time to move beyond passwords for security?
Terrence Dorsey wrote: Is it time to move beyond passwords for security?
To what?
Biometrics sound like a good idea; but for anything beyond decrypting a local store they're not. Changing a widely used password is a PITA if it's compromised; but try changing your fingerprint if an attacker gets a copy of it...
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
Biometrics for security is basically using a password that you leak everywhere you go and you can never change it.
And to make things worse: the hardware used as gatekeepers will always lag behind the latest gadgets available to criminals to analyze the information you are unknowingly and unwillingly spreading around every day.
Any $10K biometric security system that's secure today can be cracked by anyone with $1000 equipment tomorrow. It's an uphill battle you'll never win. Eventually you'll be spending so much money on security that you're better off getting hacked.