
Topic: Apple wants to replace all passwords with biometrics - page 3. (Read 334 times)

legendary
Activity: 3668
Merit: 6382
Does anyone think this will succeed?

I don't see any reason why this would not succeed. I completely agree that the security of smartphones is a joke anyway. Also most users are lazy and biometrics fit just fine to their needs.
The only question is if they can make biometrics reliable enough in all the versions they'll make. Since if at some point those won't work, they'll suddenly have a huge lot of angry customers.
What I mean is that it's not uncommon that on cheaper (and somewhat older?) Android phones the fingerprint just fails to recognize you 7 out of 10 times. Apple will not afford this kind of failure.
legendary
Activity: 3402
Merit: 6898
If someone gets a password leaked they will have problems with one account or one of many services; on the other hand, getting one's biometric data leaked means one can't use the same data anymore to access a service (not mentioning that data also has legal implications: passports, IDs, documents, etc.).
Yep, that's my main problem when it comes to biometrics as once you get your data leaked you are screwed. And we all know how secure our data is...
Not being as tech-savvy as the rest of y'all, that wasn't my main problem with this.  I don't like biometric data being in the hands of big tech companies, because I don't trust who they're going to share that data with.  In fact, I don't trust big tech companies as a general principle (though unfortunately I'm in an abusive relationship with them that I can't seem to get out of).

The article cites the fact that many people are using passwords like "123456" and so forth.  I'm not sure if that's an argument for the implementation of biometric "passwords" as much as it is for educating people on using stronger passwords and just being more mindful of their online security in general.  But I swear, if this becomes the industry standard, you'll be seeing me in 2040 using a smartphone from 2022--and hopefully living in my campaign farm castle in utopia somewhere where the weather is nice and the women abound.  Lol.
legendary
Activity: 1722
Merit: 5937
Does anyone think this will succeed?
Yeah, it probably will, as users will always go for the more convenient option, not thinking about the consequences.

One suggestion: no need to copy/paste the whole article; a few paragraphs that cover what it is about should be enough, and then those who want to read the rest can do it at the source.


This should succeed in the future since this is the only solution to secure accounts compared to using a password that is vulnerable to any attacks like phishing, brute-force attacks and etc...
Biometric verification also has its own set of problems and it's far from being perfect. For me personally, password protection is still the way to go, and if set properly (something that many fail at, but that's not a password problem) it is still superior to biometrics in the vast majority of cases.


If someone gets a password leaked they will have problems with one account or one of many services; on the other hand, getting one's biometric data leaked means one can't use the same data anymore to access a service (not mentioning that data also has legal implications: passports, IDs, documents, etc.).
Yep, that's my main problem when it comes to biometrics as once you get your data leaked you are screwed. And we all know how secure our data is...

hero member
Activity: 2576
Merit: 666
This technically combats methods to crack passwords such as brute-forcing, rainbow attacks, and methods similar to it, but I don't think it prevents phishing/malware. From what I read, said passkeys would store the biometric data in the devices themselves and not a server, so hackers can technically get said data, right? I guess the idea is worth it if it prevents part of the methods that are used to steal the passwords of others, but I think new issues are created, like others have said, which is you can't exactly change your biometrics.

legendary
Activity: 1162
Merit: 2025
Despite biometric solutions being better than passwords, they are still vulnerable to theft of data; the biometric information can be stolen.
I'd rather have an approach where people started to use universal small cryptographic devices which would work in a similar way to how the Trezor T does to log in through U2F, maybe even combine both approaches to harden the security of the accounts.

It also worries me that biometric data is far more sensitive than passwords. If someone gets a password leaked they will have problems with one account or one of many services; on the other hand, getting one's biometric data leaked means one can't use the same data anymore to access a service (not mentioning that data also has legal implications: passports, IDs, documents, etc.).

In the end, we can change our passwords but we cannot change our fingerprints, our iris or face so easily...
copper member
Activity: 2856
Merit: 3071
I wonder how they plan to make the system secure against malware and similar attacks. I'd assume maybe a separate chip would be the best way to go with this but that might eat into their profits so they'll probably find a way that's less secure but still robust against attackers (eg a space away from where a normal user or app would be able to access).

I'd be surprised if this hasn't already been attempted or already been done with this already, I think this technology could be made more secure if an nfc card was also used to offer an extra key to decrypt the password database (eg the main encryption key as you won't get much with that alone - they can also likely already be made more secure as bank cards have already had to be).
legendary
Activity: 3304
Merit: 3037
This should succeed in the future since this is the only solution to secure accounts compared to using a password that is vulnerable to any attacks like phishing, brute-force attacks and etc...

Biometrics has already been tested for many years, not just on Apple devices but also on Android devices. My phone is not Apple but Samsung; the iris scanner for my pattern or passwords looks like the best biometrics that I have ever experienced.
 
But I hope they don't totally remove the password login because if the owner or a user accidentally has a broken/missing finger or had scars on their face they can't easily access their account and it may become an unrecoverable account.

So owners/users should still have an alternative way to log in like passwords or recovery seed for emergency cases.
legendary
Activity: 2562
Merit: 1441
Quote
Apple’s iOS 16 and macOS Ventura will introduce passwordless login for apps and websites. It’s only the beginning.

YOUR PASSWORDS ARE terrible. Year after year, the most popular passwords leaked in data breaches are 123456, 123456789, and 12345—‘qwerty’ and ‘password’ come close behind—and using these weak passwords leaves you vulnerable to all sorts of hacking. Weak and repeated passwords are one of the most significant risks to your online life.

For years, we’ve been promised a more secure, password-free future, but it seems like 2022 will actually be the year that millions of people start to move away from passwords. At Apple’s Worldwide Developer Conference yesterday, the company announced it will launch passwordless logins across Macs, iPhones, iPads, and Apple TVs around September of this year. Instead of using passwords, you will be able to log in to websites and apps using “Passkeys” with iOS 16 and macOS Ventura. It’s the first major real-world shift to password elimination.

So how does it work? Passkeys replace your tired old passwords by creating new digital keys using Touch ID or Face ID, Apple’s vice president of internet technologies, Darin Adler, explained at WWDC. When you are creating an online account with a website, you can use a Passkey instead of a password. “To create a Passkey, just use Touch ID or Face ID to authenticate, and you’re done,” Adler said.

When you go to log in to that website again, Passkeys allow you to prove who you are by using your biometrics rather than typing in a passphrase (or having your password manager enter it for you). When signing in to a website on a Mac, a prompt will appear on your iPhone or iPad to verify your identity. Apple says its Passkeys will sync across your devices using iCloud’s Keychain, and the Passkeys are stored on your devices rather than on servers. (The use of iCloud Keychain should also solve the problem of losing or breaking your linked devices.) Under the hood, Apple’s Passkeys are based on the Web Authentication API (WebAuthn) and are end-to-end encrypted so nobody can read them, including Apple. The system for creating Passkeys uses public-private key authentication to prove you are who you say you are.

A passwordless system would be a significant step forward for most people’s online security. As well as eliminating guessable passwords, removing passwords reduces the likelihood of successful phishing attacks. And passwords can’t be stolen in data breaches if they don't exist in the first place. (Some apps and websites already allow people to log in using their fingerprints or using face recognition, but these usually require you to first create an account with a password.)

Apple’s Passkeys aren’t entirely new—the company first detailed them at 2021’s WWDC and started testing them shortly after—and Apple isn’t the only one that wants to eliminate passwords. The FIDO Alliance, a tech industry group, has been working on the underlying standards needed to ditch passwords for almost a decade, and Apple’s Passkeys are the company’s implementation of these standards.

In recent months, FIDO has taken a series of important steps to bring the password’s demise closer to reality. In March, FIDO announced it has figured out a way to store the cryptographic keys that sync between people’s devices, calling them “multi-device FIDO credentials” or “passkeys.”

This was followed in May by Apple, Microsoft, and Google declaring their support for the FIDO standards. Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, said adoption of the standards would keep more people safe online. At the time, the three tech giants said they would start rolling out the technology “over the course of the coming year.” Microsoft account owners have been able to ditch their passwords since September of last year, and Google has been working on its passwordless technology since 2008.

When all the tech companies have rolled out their version of passkeys, it should be possible for the system to work across different devices—in theory, you could use your iPhone to log in to a Windows laptop, or an Android tablet to log in to a website in Microsoft’s Edge Browser. “All of FIDO’s specs have been developed collaboratively, with inputs from hundreds of companies,” says Andrew Shikiar, the executive director of the FIDO Alliance. Shikiar confirms that Apple is the first company to start rolling out passkey-style technology and says this shows “how tangible this approach will soon be for consumers worldwide.”

Any success for a passwordless future depends on how it works in reality. At the moment, there are unanswered questions about what happens to your Passkeys if you want to ditch Apple’s ecosystem for Android or another platform. (Apple hasn’t yet responded to our request for comment.) And developers still need to implement changes to their apps and websites to work with Passkey. Plus, to gain trust in any system, people need to be educated about how it works. “Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today,” Alex Simons, the head of Microsoft’s identity management efforts, said in May. In short: If cross-device systems are clunky or a pain to use, people may shun them in favor of weak but convenient passwords.

While Apple’s Passkey and Google and Microsoft’s equivalents are still some months away (at the very least), that doesn’t mean you should idly keep using your weak or repeated passwords. Every password you use—whether it’s for a one-time account used to buy DIY supplies or your Facebook account—should be strong and unique. Don’t use common phrases, names of friends or pets, or personal information linked to you in your passwords.

Instead, your passwords should be long and strong. The best way to achieve this is by using a password manager, which can help you create and store better passwords. You can find our pick of the best password managers here. And while you’re thinking about your security, turn on multi-factor authentication for as many accounts as possible.


https://www.wired.com/story/apple-passkeys-password-ios16-ventura/


....


Apple wants to replace passwords with facial recognition and fingerprint derived passcodes.

One of bitcoin's biggest selling points was it catering to a claimed 4 billion unbanked demographic around the world.

Apple's shift towards biometric based passcodes trends in the opposite direction. It limits their userbase by hardware support. Fewer end users have facial or fingerprint recognition to support the system.

Over the years there have been many successful attempts to fool fingerprint scanners. Biometrics certainly are not foolproof or hack proof.

Does anyone think this will succeed?
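
The public-key sign-in that the quoted article describes, and the phishing and data-storage questions raised in the replies, modelled as an added example that is not part of any post and is not Apple's or FIDO's code. It is a reduced WebAuthn-style assertion in Node.js; the domains `shop.example` and `shop-login.example`, the function names, and the minimal authenticator-data layout are assumptions for illustration.

```javascript
// Added illustration, not Apple's or FIDO's code: a reduced WebAuthn-style assertion.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
// Authenticator: the private key stays inside this closure. On a real device the
// biometric check only unlocks use of the key locally; it is never sent anywhere.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey, // the only thing the website receives at registration
    sign(rpId, clientDataJSON) {
      // authenticator data: SHA-256(rpId) || flags || 4-byte signature counter
      const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
      const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
      return { authData, clientDataJSON, signature: crypto.sign('sha256', signed, privateKey) };
    },
  };
}

// Browser: it, not the page's script, writes the origin into the signed client data.
// Simplification: a real authenticator would hold no credential for an unknown rpId.
function browserGetAssertion(authenticator, origin, challenge) {
  const clientDataJSON = JSON.stringify({ type: 'webauthn.get', challenge: challenge.toString('base64url'), origin });
  return authenticator.sign(new URL(origin).hostname, clientDataJSON);
}

// Relying party (the website): stores a public key, so a breach leaks no secret.
function verifyAssertion(rp, expectedChallenge, assertion) {
  const client = JSON.parse(assertion.clientDataJSON);
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== rp.origin) return 'origin mismatch';
  if (!assertion.authData.subarray(0, 32).equals(sha256(rp.rpId))) return 'rpId mismatch';
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, rp.publicKey, assertion.signature) ? 'ok' : 'bad signature';
}

// Constructed scenario: genuine login, a look-alike origin, and a replayed assertion.
function demo() {
  const authenticator = createAuthenticator();
  const rp = { rpId: 'shop.example', origin: 'https://shop.example', publicKey: authenticator.publicKey };
  const challenge = crypto.randomBytes(32);
  const genuine = browserGetAssertion(authenticator, rp.origin, challenge);
  const lookalike = browserGetAssertion(authenticator, 'https://shop-login.example', challenge);
  return {
    genuine: verifyAssertion(rp, challenge, genuine),
    lookalike: verifyAssertion(rp, challenge, lookalike),
    replayed: verifyAssertion(rp, crypto.randomBytes(32), genuine),
  };
}
```

The website in this model never sees a fingerprint, a face template, or the private key; it checks a signature over a fresh challenge and the origin the browser reported, which is why a response produced on a look-alike domain or captured from an earlier login is rejected.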