Google may abandon passwords for 'trust score'

I just got one without a fingerprint scanner in the first place. Saved me a lot of time dealing with settings…

It won’t lock you out of the dialer. Phones already allow you to make an emergency call without unlocking the phone and this new security model should be more permissive if anything, for example maybe allowing calls to any non toll number instead of just 911 (or your local equivalent if you’re outside the US).

OPM lost a bunch of fingerprints to China. The kid next door can lift them with silly putty. I’m not so hot on that idea.

In my case I’ll trust Apple when they say the print profiles don’t leave the phone. If someone wants to go to the trouble of lifting my prints and making a scannable copy, then they are welcome to the contents of my phone. In my case, the reward of easy access to the phone outweighs the risk.

I realize for a lot of people, it doesn’t outweigh it at all and they will decide not to use it. But that doesn’t make it a bad idea.

Well, this is about Google, not Apple. That aside, I choose not to use a lot of technologies / services for similar reasons, but there’s always a tipping point when you can’t avoid them anymore.

Yeah. Once they say “In all cases WE’LL decide if you’re who you say you are.” I’m out. I’ll go back to a phone that just makes phone calls. If they still exist by then.

I noticed that all the same “forgotten password” security questions show up on airline check-in web sites, online banking web sites, Facebook and many others. And so I’ve advised staff at work to think carefully before naming their child’s first pet.

For security reasons, the chosen name should have at least eight characters, a capital letter and a digit. It should not be the same as the name of any previous pet, and must never be written down, especially on a collar as that is the first place anyone would look. Ideally, children should consider changing the name of their pet every 12 weeks.

I advise people to just lie on those. What’s your mother’s maiden name? Smith. What’s your pet’s name? Smith. What’s the place you want to travel to? Smith. What’s your favorite animal? Smith.

PS - I don’t actually use Smith. So, best of luck to you.

they are getting annoying and not allowing duplicate answers. anymore i just make stuff up and save the question and answer to a text file. probably should put it in an encrypted directory or something.

Trying “Smythe.”

You could also change all your passwords to "incorrect."
So whenever you forgot it, you’ll be told “Your password is incorrect.”

Smith

Okay, just a few more left to eliminate.

In that case, I do something close but not real. Parent anniversary? Maybe I get the month right but instead choose the first. Pet name? Maybe that’s actually my kid’s name. But the important bit is to make sure that it doesn’t actually match what people could look up.

I’m a security nut-job, so most of my answers to those questions are strings of random characters. I’ve never had to use them, but I am wondering how the conversation would go when I start telling the outsourced call center person that my first pet’s name really was: “t(3flw___qm<84JJbit801784”

The first generation of passwords - common names and common words - were bad because they could be found with dictionary attacks. (All three of the mail servers I manage have dictionary attacks being thrown at them 24 hours a day from multiple sources.)

The second generation was as you wrote, “t(3flw___qm<84JJbit801784”. But those could never be remembered, so people had to write them down, keep them in a notepad file in their cell phone, etc.

The third generation is password phrases. Groups of words (PresidentPalin2020), song lyrics (JeremiahWasABullfrog) etc. Not only can they be remembered, but they’re generally longer, making it harder to brute-force them. Some common phrases (NothingButNet) are showing up in dictionary attacks but if you stick to non-common phrases (LikableTedCruz) you’ll be OK.

Honestly, a specific feature to detect drunk typing would do more good than this security stuff in the article.

Thanks for the app idea!

It was your idea, I just shined a light on it. I want in on the beta testing!

not even with my best friends keyboard.

Use a passphrase them ceaser cipher it. Should look like random letters to someone else then.