Password less authentication ?
Okay so what do you think would be used instead of a password ?
Fingerprint ?
Face lock ?
Voice recognition ?
The authenticator by Google?
----
Except the last one , I do believe each and everyone of them comes with a fault , come on one can actually do something to a person to connect with the device .. unfortunately us traders hold most in our mobile phones and I do think not just passwords , but everything at once all the things that I listed are not enough too
you can never be more secure .
------------------Okay so what do you think would be used instead of a password ?
Fingerprint ?
Face lock ?
Voice recognition ?
The authenticator by Google?
----
Except the last one , I do believe each and everyone of them comes with a fault , come on one can actually do something to a person to connect with the device .. unfortunately us traders hold most in our mobile phones and I do think not just passwords , but everything at once all the things that I listed are not enough too
you can never be more secure . Authentication without a password does not mean that you do not have a password.
I take it it it's not clear, what's the difference and what's new with this technology?
What's new here is that you only use a password once when you register on a site (like a site).
Password, of any complexity - for a site always looks different for you, it looks like a digital code. And the numerical code - by appearance of which it is impossible to find out your password.
This is a so-called one-way cryptographic function, which makes from your alphanumeric password - a hash, a numeric identifier by which your device will be recognized, not you.
Regardless of whether you enter the password manually, or if the password is written in a program (e.g. in a browser) and the browser enters it itself, the server will identify you as "the device that provided your numeric identifier. Dot.
No identification is made.
Proof:
- If a fraudster enters your password, the server will be more than happy to identify you.
So, password technology is dangerous. And above all it is dangerous because you have a permanent digital identifier, which is produced by a one-way function from your "password" is always the same. A scammer does not need to guess your password, it is enough to have this numeric identifier.
For this reason, all biometric identifiers are a form of password, but they are even more insecure than a password, because they are very easy to forge.
Some banks, even refuse to serve customers, to
that prove themselves not by a password, but by biometrics.
These are all technologies based on your permanent digital identifiers, no matter how they are obtained.
They are stolen, tampered with, guessed (passwords) and cheated by the server.
The idea of passwordless authentication is based on your ever-changing numeric identifier. But not as primitive as Google did - every 30 seconds, and at another higher level - at the level of every packet of data, at the level of keyless encryption technology.
You don't enter your password a second time. If you want, you can confirm yourself with an additional password or your biometric data.
But this is additional, not basic confirmation. In this variant, if steal your password - then nothing at the swindler will not work. Because the server before entering the password, identifies you in the face of your device, as its user.
And one more thing.
If your password or your numeric identifier is stolen - it is not the fact that you immediately find out about it, it can be done remotely.
But if I steal your device, you will immediately notice it and take action.
Moreover, you cannot steal your device remotely.
It's a fact.