Soon, this could become a reality, thanks to a new password-free web authentication protocol announced today by standards bodies FIDO and W3C. It's called WebAuthn, and it uses an external authenticator such as a security key or mobile phone instead of a password. These devices will connect directly to websites by USB, NFC, or Bluetooth to create a "phishing proof" method to identify yourself. Google, Mozilla and Microsoft have agreed to incorporate the final version of the standard in their browser products. This method uses a specific device you have to create a token that lasts only as long as it takes to authenticate you. There is no password that could be phished, sniffed, or stored in a database and stolen. FIDO Alliance and W3C have a plan to kill the password – TechCrunch
In the last office building I was working in, if you ran up the stairwell to go up a floor or two, you needed to tap your passcard to release the door to get onto the floor. More than a few times I found myself reaching for my cellphone. Maybe on to something?
My phone was used remotely to log into a fraudulent account while I was asleep to make unauthorized purchases on my CC at a site I’d never been to. (I don’t use my phone or CC to buy anything online.) Many CCs already use your IP to identify you and the type of fraud above is not only hard for them to detect, they will try to force liability for it on the card holder.
Some of us authenticate (& authorize) ourselves at more than websites. For example, networks, computer & server OSs and other equipment without optical or RF sensors. Technically, we authenticate to our Prius with the Key Fob. Not everything is Internet connected either. The most secure things are not connected to the public Internet.
Cool way to look at it: the Prius has an ultra-low-res fingerprint reader on the door handles, but it's two-factor and also requires the Key Fob.
FHOP Learning Time!! AAA Authentication in the Prius

Authentication - Who are you?
Authorization - What are you permitted to do?
Accounting - What did you do?

The Prius Authenticates the fob as a trusted device. The Prius then Authorizes it to enter and start the car. While in operation, the Prius stores miles traveled, fuel used, and average speed among other things as Accounting information.
Members
FIDO Alliance Members: Bringing together an ecosystem - FIDO Alliance
If those are members of an open standards group, I'll eat my red hat fedora ....
See also The Open Group
FIDO Alliance - FIDO Alliance
extra points: What is SystemD -ebug
super duper extra points
Facebook to send Cambridge Analytica data-use notices to 87 million users Monday
and another / quote
The Outline
There's plenty more where that came from.
I have a few sites, including work sites, where I've had to key in a code that's sent to my phone. Been doing this for at least a year.
This has been so long overdue! Passwords are some of the worst security measures in today's world. I can't wait till they are long forgotten history.
I always access from my computer (laptop), then code to my phone. If someone hacks my phone for the code, then how do they get into my account without the password also?
It's a phone - do you need to say anything else? I hear something whispering about iOS crypto in my background.