Forgot your password?
typodupeerror
United States Security The Military

DARPA Wants To Kill the Password 383

Posted by samzenpus
from the at-least-zero-characters-long dept.
jfruh writes Many security experts agree that our current authentication system, in which end users are forced to remember (or, more often, write down) a dizzying array of passwords is broken. DARPA, the U.S. Defense Department research arm that developed the Internet, is trying to work past the problem by eliminating passwords altogether, replacing them with biometric and other cues, using off-the-shelf technology available today.
This discussion has been archived. No new comments can be posted.

DARPA Wants To Kill the Password

Comments Filter:
  • by Thanshin (1188877) on Monday August 11, 2014 @09:01AM (#47646331)

    I'm ready to switch passwords for anything else as long as:
    1 - It can't be extracted from me by an easier method than torture or blackmail.
    2 - It stops working forever if I'm dead.

    Otherwise, some blood will have to wash away the naivete. Again.

  • 666 (Score:2, Interesting)

    by musmax (1029830) on Monday August 11, 2014 @09:25AM (#47646485)
    And he causes all, the small and the great, and the rich and the poor, and the free men and the slaves, to be given a mark on their right hand or on their forehead, and he provides that no one will be able to buy or to sell, except the one who has the mark, either the name of the beast or the number of his name. Rev 13:17
  • by Anonymous Coward on Monday August 11, 2014 @09:50AM (#47646711)

    I've never understood why passwords can't be sentences, like "I'm going to take my dog, Spot, to the park today."

    They can be, but it would be incredibly stupid to use something like that. A dictionary attack would crack that password in seconds.

    What I do is have a single, strong password that I have stored only in my brain and all other passwords are hashed on-the-fly from that and the domain or name of whatever I need the password for. I get unique, strong password for everything, but only have to remember a single one.

  • by AK Marc (707885) on Monday August 11, 2014 @09:34PM (#47652175)
    Sometimes it seems like the sites make their password rules match banks. Then, if you can't find anything else that works, use your bank password. The site then has your email, name and bank password. They can try that combo on all the major bank sites, and could get access.

    I'm surprised more black-hats don't set up "free" services with that intention.

1 + 1 = 3, for large values of 1.

Working...