End of passwords (well maybe not yet)

h3n741.g33k

Registered
Lewd
Joined
Sep 23, 2023
Threads
21
Messages
133
Reaction score
22
LC COIN
23
So, google announced this week they will be sunsetting on oldfashioned passwords and security questions for the "google pass" system. Pass, basically, you 2FA with your device and they want your biometrics (face or thumb verify) rather than a password, though supposedly the identity theft can be avoided with a PIN or something.

Anyway, these changes will take a while to implament. Especially since it's not enturely legal for them to force everywhere to change.

Point is, what are all your thoughts on the matter? How long you think for the rest of the main tecg platforms to follow suit? It certainly puts a question on how you may want to handle email in the future. Especially with how poorly google handled security of their chat/messenger environment, especially these past two years. Highest rate of scams on a single platform vs what happened when CraigsList dropped casual encounters on that one.

Does put to question though, if there is a reliable platform for FOSS email systems that are secure and maybe one that won't offer the only way to log in = to give it your device/location and biometric data.
 
Kind of hard to do that on a desktop...
 
Kind of hard to do that on a desktop...
yes n no. They have the webcam facelock thing since 2008. And computers can come with a fingerprint scanner, mostly thats a laptop thing though (and mostly only for Govt or high corporate so far). Its not a standard required implamentation obviously but things could change. The techs been there for almost 16 years now.
 
two words Yubi Key, the are one of the best hardware keys.
 
biometrics.... this can only end well.
 
  • Like
Reactions: 1 user
It's been in the works for a while, 'passkeys' I think they're calling them. I've been using it some some sotes for a bit. The simple password-only approach has had its time really. There's not really a benefit to them. We could have removed them ages ago and logged into sites just by username, at which point it would send you an email that you have to click within like 60 seconds to validate the login.
So long as your email is secure, there's nothing wrong with that approach. Of course, how to secure the email account is a whole different problem!
 
  • Like
Reactions: 1 user
It's been in the works for a while, 'passkeys' I think they're calling them. I've been using it some some sotes for a bit. The simple password-only approach has had its time really. There's not really a benefit to them. We could have removed them ages ago and logged into sites just by username, at which point it would send you an email that you have to click within like 60 seconds to validate the login.
So long as your email is secure, there's nothing wrong with that approach. Of course, how to secure the email account is a whole different problem!
exactly there are some good secure e-mail platforms. Proton for one and can be extra secure based on how you set it up, or even Google with only access by a hardware key. Of course nothing is hackproof, but can make it more difficult.
 
So, google announced this week they will be sunsetting on oldfashioned passwords and security questions for the "google pass" system. Pass, basically, you 2FA with your device and they want your biometrics (face or thumb verify) rather than a password, though supposedly the identity theft can be avoided with a PIN or something.

Anyway, these changes will take a while to implament. Especially since it's not enturely legal for them to force everywhere to change.

Point is, what are all your thoughts on the matter? How long you think for the rest of the main tecg platforms to follow suit? It certainly puts a question on how you may want to handle email in the future. Especially with how poorly google handled security of their chat/messenger environment, especially these past two years. Highest rate of scams on a single platform vs what happened when CraigsList dropped casual encounters on that one.

Does put to question though, if there is a reliable platform for FOSS email systems that are secure and maybe one that won't offer the only way to log in = to give it your device/location and biometric data.
That would be terrible
 
unless they fix the issue of ppl losing their phones and possibly losing access to their account when they lose their phone its hard to push their new project. they would have to require ppl to send their ID's if they really want to go that way.
 
biometics is less safe then passwords. a normal phona has enough resulution to trick such a scan so all ppl need is phots of the person to gain access.
 
Back
Top Bottom