Apple, Google & Microsoft want to kill the password with Passkey standard

[NewsKrawler]

https://arstechnica.com/gadgets/2022/05/apple-google-and-microsoft-want-bluetooth-proximity-to-replace-the-password/
Apple, Google & Microsoft want to kill the password with Passkey standard

Apple, Google, and Microsoft are launching a "joint effort" to kill the
password.

The major OS vendors want to "expand support for a common passwordless
sign-in standard created by the FIDO Alliance and the World Wide Web
Consortium."

The standard is being called either a "multi-device FIDO credential" or
just a "passkey."

Instead of a long string of characters, this new scheme would have the app
or website you're logging in to push a request to your phone for
authentication. From there, you'd need to unlock the phone, authenticate
with some kind of pin or biometric, and then you're on your way.

This sounds like a familiar system for anyone with phone-based two-factor
authentication set up, but this is a replacement for the password rather
than an additional factor.

Some push 2FA systems work over the Internet, but this new FIDO scheme
works over Bluetooth. As the whitepaper explains, "Bluetooth requires
physical proximity, which means that we now have a phishing-resistant way
to leverage the user's phone during authentication." Bluetooth has a
terrible reputation for compatibility, and I'm not sure "security" has ever
been a real concern, but the FIDO alliance notes that Bluetooth is just "to
verify physical proximity" and that the actual sign-in process "does not
depend on Bluetooth security properties."

That means both devices will need Bluetooth on board, which is a given for
most smartphones and laptops but could be a tough ask for older desktop
PCs.

[RonB]

So, since I turn Bluetooth off on my devices, does this mean I'm not going
to be able to log into my own computer? These people really, REALLY want to
know where you are at all times, don't they?

--
Freedom. Use it or lose it.

[Steve Carrolll - fretwizzen]

If Ryan Sullivan calls getting his ass *kicked hard* left and right by
dozens of people (and completely destroying his name and any reason for
me to give credence to anything he has to say - until hell freezes over)
effective 'trolling', then whatever... he is a first-class troll. I can
not subscribe to that meaning, I use another term. I call Ryan Sullivan
an utter dork.

Ryan Sullivan wants to hurt everyone here: If he and his shills can't
get attention here then nobody will. Are people still debating this?
Shadow and I will squash ChromeOS with my mind. These morons get their
kicks out of drawing out emotional reactions to their lies, which is
the very definition of a troll.

Give an example of a prosperous job creator that has gained its position
by not caring about its clients or services.

--
One Smart Penny!!
https://ftp.cdc.gov/pub/health_Statistics/nchs/Software/mmds/2009/spell/mmds_spell.txt
https://www.bing.com/search?q=Dustin+Cook%3A+functional+illiterate+fraud
https://www.bing.com/search?q=%22functionally%20illiterate%20fraud%22
Dustin Cook the functionally illiterate fraud

[bad sector]

The $trangleware gestapo snoops wanna know everything about everyone all
of the time


--
Oh Lord of the Keyrings on high, have I got bad news for you: the word
trust is nowhere to be found in my security dictionary.

[RonB]

Their hyperbole basically claims that passwords are failing spectacularly.
In about 30 years of using the Internet I've never had one password
compromised. More FUD by control-freak corporations and their partners in
the control-freak governments.

[bad sector]

I haven't either; most web 'facilities' for example don't even let you use a half decent pwd. of any length of any characters. The cited unholy trinity of vocational parasites predictably wants to be an unsolicited in-betweener vacuuming benefits from the transaction principals.

[David W. Hodgins]

On Fri, 06 May 2022 18:24:22 -0400, RonB <ronb02...@gmail.com> wrote:
> Their hyperbole basically claims that passwords are failing spectacularly.
> In about 30 years of using the Internet I've never had one password
> compromised. More FUD by control-freak corporations and their partners in
> the control-freak governments.

Passwords do fail, but it's usually when one of those companies or government
institutions get hacked with their user's passwords leaked, and the user uses
the same password on other sites.

Using something you have, combined with something you know, is much better, but
only if the technology used to prove you have that something is truly secure.

With google, I have a 16 character string containing upper and lowercase, and
numbers, that I created using mkpasswd.

The app password I now have to use for gmail, generated by google, is also 16
characters, but only contains lowercase letters, so it's less secure than what
I had.

I also had to give google my phone number, which is probably the only reason they
are forcing this on people. They want to make sure they can tie all of the other
info they have on a person to their phone number.

Info on people is google's product, not web or e-mail services. Those services are
just cost of doing business.

Regards, Dave Hodgins

[bad sector]

Data-denial is the name of the game; except briefly and volatile to
complete a transaction, criminalize complicity in the commercial storage
or traffic of someone else's personal data.

[Richard Kettlewell]

"David W. Hodgins" <dwho...@nomail.afraid.org> writes:
> On Fri, 06 May 2022 18:24:22 -0400, RonB <ronb02...@gmail.com> wrote:
>> Their hyperbole basically claims that passwords are failing
>> spectacularly. In about 30 years of using the Internet I've never
>> had one password compromised. More FUD by control-freak corporations
>> and their partners in the control-freak governments.
>
> Passwords do fail, but it's usually when one of those companies or government
> institutions get hacked with their user's passwords leaked, and the user uses
> the same password on other sites.

They are also routinely captured via phishing and keyloggers.

--
https://www.greenend.org.uk/rjk/

[Stephen Petruzzellis]

Can you get Apd to agree? Until or unless Snit Glasser Michael offers
up his 'more advanced' Mac tool for assessment, there is no threat, just
giddy claims. I'm about to plonk him, myself. Like all jerks, he is repeatably
looking for some way to criticize, no matter how absurd the accusation.
I will not listen to his response to this post. He is angry, wants to
protect what is left of his honor, and will berate. Most likely starting
with a snobbish "Ha!", as if what I have written is _so_ crazy. That BADish
"game plan" was the final stroke, for me. I just configured a kill filter
and will never see the idiot. Snit Glasser Michael's flooding has made
an absolute mess of my scripting via Google Groups, so I don't waste time
browsing Apd with my tablet anymore. One nice thing he has done with this
crap is that the Snit Glasser Michael filter will forever stay.

He is as incompetent as Snit Glasser Michael. Snit Glasser Michael can't
get anything else to work, either.

--
Top 15 Ways Snit Glasser Michael Trolls
https://duckduckgo.com/?q=%22functionally+illiterate+fraud%22
https://www.google.com/search?q=Dustin+Cook%3A+functional+illiterate+fraud
Steve 'Narcissistic Bigot' Carroll

[STALKING_TARGET_12]

I'm well aware the posts I link to from COLA is absolute dabbler level; that
said, it meets the requirements.

But Deplorable Owl feels the need to please the herd. So be it. I think
the point is more than to get innocent posters to listen to him. The point
is likely to piss Shadow off for trolling outside groups he knows I frequent.
Deplorable Owl is trying (with "all they have") to project their modus operandi
onto Shadow. For years Deplorable Owl has pressed the claim that Shadow needs
'evidence' to point out all his slander. The fact is that nobody needs any
evidence to do that. So Deplorable Owl pulls this laughable circus crap in
a weak effort to 'boost' the idea that Shadow is like he is.


--
"You'll notice how quickly he loses interest when everything is about him.
He clearly wants the attention"
Steven Petruzzellis, making the dumbest comment ever uttered.