Tried to write up this post on 5/5/2022, World Password Day, but other posts managed to jump ahead of it. Also, was busy adding another ground wire to my electric fence, and another electric entry/exit ‘gate‘ on it wore my old arse out. It’s only about 2-feet high, wid ground-hot-ground-hot wires running around my property, and used mainly to keep stray dogs out (kept my dog in when he was alive). Just low voltage tingle type of shock, but animals large or small avoid it after getting a taste of it. The electric 3-wire ‘gate‘ wid a Rubber Gate Handle on each wire even keeps salespersons out. Small sign on top wire says “Electric Fence” and salespersons avoid it altogether. Most (not all) campaigning politicians just seem to step over the roughly 2-foot high fence.
As most readers here know, I am a Fulltime Linux Root User on my own computers, and I don’t like annoying “Authenticate” popups or other types of ‘Pesky Passwords’. Windows OSes give users the option of a login password or not. Chrome OS & CloudReady OS have a login password requirement, but none after that. None of my Android phones ever required a password from me, but have heard that some expensive phones offer a login password option or even a “fingerprint” ‘tHiNGiE‘ for logging in.
Then…there are the email passwords, the bank password, the credit card password, the blog password, the Amazon password, the Newegg password, the pay phone password, the pay ISP for internet password, the pay electric company password, and etcetera etcetera etcetera.
Nobody likes passwords. They’re inconvenient. They’re a prime target for attacks. Yet for years they’ve been the most important layer of security for everything in our digital lives—from email to bank accounts, shopping carts to video games.
We are expected to create complex and unique passwords, remember them, and change them frequently, but nobody likes doing that either. In a recent Microsoft Twitter poll, one in five people reported they would rather accidentally “reply all”—which can be monumentally embarrassing—than reset a password.
My friend, Bret Arsenault, our Chief Information Security Officer (CISO) here at Microsoft likes to say, “Hackers don’t break in, they log in.” That has stuck with me ever since I first heard him say it because it’s so true.
Weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts. There are a whopping 579 password attacks every second—that’s 18 billion every year.
Passwordless authentication eliminates reliance on passwords and delivers a host of business benefits, including a better user experience, reduced IT time and costs and a stronger security posture. The market, however, is not yet in a place where passwordless authentication is easily achievable.
That’s just an eBook site, i.e. not a lot of info, but I liked the pic as a logo for this post! 😉 However, it points out how annoying “Authenticate” popups or other types of ‘Pesky Passwords’ literally interrupts you ‘n slows down your Workflow.
More Passwordless articles
Google, Apple and Microsoft announce plans for a passwordless future – “This milestone is a testament to the collaborative work being done across the industry to increase protection and eliminate outdated password-based authentication,” says Mark Risher.
Google, Apple, Microsoft make a new commitment for a “passwordless future” – Passwords may soon be a thing of the past now that these major tech companies have extended support for passwordless FIDO sign-in standards.
Some of the world’s biggest tech companies are throwing considerable weight behind a common passwordless sign-in standard that could finally signal the end of static credentials for many users.
Although the companies already support passwordless log-ins, users previously had to sign in to each website or app separately on each device before they could use the functionality.
Under the new proposals, users will be able to automatically access their FIDO sign-in credentials or “passkey” on their devices, including new ones, without needing to re-enroll each account.
The news means those using Android and iOS mobile operating systems, Edge, Safari and Chrome browsers, and Windows and macOS desktop operating systems will soon be able to say goodbye to passwords permanently.
- Firefox ‘n Linux are not mentioned…ummmmm.
FIDO, Finally, Almost: Passwordless authentication is now becoming a possible dream, thanks to the ongoing standards work at the Fast Identity Online (FIDO) Alliance and the collaboration between competitors, such as Microsoft and Google.
Whether your OS is the browser, or whether it’s Windows, FIDO is not far. At an RSA Conference 2018 presentation, Microsoft and Google shared their roadmaps.
Passwords: The #1 Security Capability we Love to Hate
Passwords have served the industry well over the years, but come with a fundamental architectural weakness: they are what’s called “shared secrets,” that is, not really secrets. Worse, any password a user can remember has limited entropy available to resist increasingly sophisticated password cracking attacks. The only way to increase password assurance has been to sacrifice convenience by having many, more complex, and longer passwords. Users are not very good at this, and password manager tools have proven a poor crutch.
I’ve been telling Linus Torvalds, the Linux Foundation, Linux Developers, and Submissive Linux Users for about 2 years now that their password demands, especially for Home Desktop users, totally lacks true security, and is beyond just being archaic.
- Starting to look like Linux has ‘Missed the Boat‘ once again, huh.
Well, my primary OS Windows 11 doesn’t have any login requirements or annoying “Authenticate” popups or other types of ‘Pesky Passwords’ now, and Firefox remembers my website’s password if I have them saved.
Windows 10/11 come standard wid one of the best virus protections around, Windows Security, and I don’t want my phone connected or ‘synced‘ to/wid any of my computers. That phone is only for talking on…definitely not *EVER* used for banking or shopping!
I’ll see how Passwordless comes out…may end up moving to Chrome browser for banking ‘n shopping, but too soon to tell right now.
Will add this post to the *Linux Security Issues* page…
LINUX IS LIKE A BOX OF CHOCOLATES – you never know what you’re gonna get!