Sabtu, 15 Juni 2019

Tired of #$%& passwords? Single Sign-on could be savior - USA TODAY

The experience we know as password hell could be radically changed for the better within the next year and a half to three years. 

Struggling to come up with long strings of complex capital and lower case letters, numbers and symbols? That's so yesterday. 

That's the hope, anyway. 

In a fascinating interview with Google product manager Mark Risher in The Verge this week, he laid out his vision for why those passwords we've been told to create don't actually help.  

They have "no bearing on phishing, no bearing on password breaches, no bearing on password reuse," he said. "We think that it’s much more important to reduce the total number of passwords out there."

In other words, all that time you've been forced to spend trying to create tougher to crack passwords is a waste. At least that's the way he appears to see it. 

I think all Talking Tech readers would agree that anything we could do to eliminate the constant typing of passwords during our daily hours would be most welcome. 

But how to get there? 

Google wants you to use its single sign-on feature, which still requires a password and has Google authenticate your identity, for a second layer of authority, via text messages or via the Google smartphone app.

Apple just announced its answer to Google's sign-in, with an alternative that will be introduced to the iPhone and iPad in the fall, as part of the iOS13 software upgrade. Google has an 85.% market share for its Android phone system, to 14.9% for Apple, according to market tracker IDC. 

"Between the two of them, that's pretty much everyone's phone system," says Bob Rudis, the Chief Data Scientist for security firm Rapid 7. "So most everyone will get this by default over the next 18 to 36 months."

Facebook and Google have for years been offering consumers the ability to ditch having to recall their multiple passwords, and instead use their single sign-on system for gaining entry to websites. These tools don't even require the input of screen name and passwords, just a click of the "Sign in with" Facebook or Google tab. 

Apple hopes to go a little deeper, by using the Face ID and Touch ID biometrics features of the iPhone and iPad to bypass those clicks. If a website or app asks for an e-mail address, Apple will "create a unique email address that forwards to your real one," the company says. 

So how is single sign-on more secure, if Facebook is in charge? It's not, say security experts. "They’ve shown they can’t be trusted with our information," says Rudis. 

Google, however, is more trustworthy and Apple the best of the trio, he adds, due to its public commitment to privacy. 

Both are super convenient. Who wouldn't rather click a Facebook or Google icon instead of having to type in your name and password, once again? 

But not everyone we spoke with was in agreement that we can let our back down and forget about tough passwords. 

Even Google, on its website, recommends 8 characters minimum, and combinations of letters, numbers and symbols. Apple has the same requirements, with at least one number minimum. "You can also add extra characters and punctuation marks to make your password even stronger," the company says. 

"You can also make the password more complex by making it longer with a phrase or series of words that you can easily remember, but no one else knows," says Facebook. 

Andy Halverson, who runs IT for video firm Ooyala, looks to a password manager, and lets it create and remember the hard passwords, so he doesn't have to. He uses the password manager Dashlane, but there are many other popular ones, including Lastpass and 1Pass. 

"I like single sign-on, but this is another tool, and really convenient," he says.

James Litton, the CEO of security firm Identity Automation doesn't think single sign-on achieves much. "If it's a horrible password, your security situation hasn't improved," he says. 

He likes super long passwords, as many as 32 to 64 characters, but stored in a password manager. With a manager, you type in one master password, and the software logs you in. 

"It's more difficult for a bad guy to pick words out of a dictionary for a hack attack if I go long," he says. 

Meanwhile, for now, Rudis says a combination of long passwords and a password manager will lead to us "to that nirvana of being able to sign on with a single sign-on," everywhere.

It will take time. First, Apple will have to convince hundreds of thousands of websites to add its single sign-on system, which won't be easy. Apple, Google and Facebook have huge sales jobs ahead. For instance, while you can sign on to Barnes and Noble and Kroger with Google, that option isn't available on many top websites, including Target, Walmart, American Airlines, Verizon Wireless and Home Depot.

In other tech news this week

Elon Musk announced a new Tesla video game at the E3 conference: The racing game, "Beach Buggy Racing 2" will use the Tesla steering wheel, and will be able to be played in his car. Musk cautioned that the car has to be in park in order to play. 

Speaking of games, the PlayStation game system went down briefly on Thursday, for about four hours, According to the PlayStation status indicator page, there were problems with account management, gaming and social, PlayStation Now, PlayStation Video, PlayStation Store, and PlayStation Music. 

A leak of Google's next edition of the Pixel phone displayed online this week. After tech blogs got ahold of leaked images, Google did something unexpected: The search giant went to social media to post real photos of the next generation smartphone months in advance of its expected release. On Wednesday, Google dropped a rendering on Twitter with the caption, "Well, since there seems to be some interest, here you go! Wait 'til you see what ti can do. #Pixel4." Google traditionally introduces new hardware in the fall. 

And ICYMI, I offered some killer photo tips on how to get better vacation photos with your smartphone. Do you know about the flashlight app trick for food, or timer trick for selfies? Check it out!

This week's Talking Tech podcasts

Hey Google, why are you tracking my every move?

More on Google's tracking

Kristina Kumic's take on Father's Day videos

How to use tech to set up interviews

Mattel revs up new Hot Wheels 

That's it for the Talking Tech news wrap. Please subscribe to the newsletter, http://technewsletter.usatoday.com, listen to the daily Talking Tech podcast wherever you enjoy audio and follow me (@jeffersongraham) on Twitter, Instagram and YouTube. 

Let's block ads! (Why?)


https://www.usatoday.com/story/tech/talkingtech/2019/06/15/google-says-tough-passwords-dont-matter-instant-sign-solution/1461379001/

2019-06-15 13:09:00Z
CAIiEH9E7738bwoab6V7fx-IDLYqGQgEKhAIACoHCAowjsP7CjCSpPQCMMGg0wU

Tidak ada komentar:

Posting Komentar