Mozilla Releases Beta of Password-free Log-in System

Status
Not open for further replies.

joytech22

Distinguished
Jun 4, 2008
1,686
0
19,810
10
[citation][nom]sun-devil99[/nom]Putting all your eggs in one basket.[/citation]
Well virtually everything that simplifies your technological life is the same as putting all your eggs in one basket.

Same can be said for Underpants (if your a man), Vulnerable at all times to attack just like a cloud service.
 

A Bad Day

Distinguished
Nov 25, 2011
2,256
0
19,790
2
How will the system work? One master password?

ASUS tried an optional non-password software that takes a picture of you using the webcam. The problem was that it could be bypassed by simply holding up a picture of you to the webcam.

I uninstalled that shovelware junk the day my laptop was mailed in.
 
G

Guest

Guest
This is relatively new and in beta so there might be some vulnerabilities that could be exploited.

I would just wait for a a while or not use it at all.
 

Pherule

Distinguished
Aug 26, 2010
591
0
19,010
8
Google, Facebook, and other major players are already doing this. You go to some random website and you're about to comment somewhere, when you realize that your comment will be posted with your Google ID instead of as "Guest" or "Anonymous".

No thanks.

This is why I have a different username & password for each individual site I use, and I have somewhat extreme anti-tracking and security extensions in place.
 

Onus

Titan
Moderator
This sounds something like a cloud version of Norton's "Identity Safe." You sign in once, then it fills in your passwords for you. Everything is stored locally. It isn't perfect, but it actually works pretty well most of the time. And, being managed locally, your authentication information is [relatively] safe.
This new service, however, with data in the "cloud," is large-scale identity theft just waiting to happen. When it becomes possible to vote online, this system will be used to rig elections; for sale to the highest bidder.
 

Vorador2

Distinguished
Jun 26, 2007
462
2
18,785
0
There's several systems similar to this. OpenID for example...

People prefer convenience to security in mosts cases (i've seen way too many people having their users and passwords for several services on a plain text file in the desktop!!).

Personally i prefer using KeePass.
 

azeemtahir

Distinguished
Dec 12, 2011
5
0
18,510
0
There we go... I think slowly and gradually, they are increasing global surveillance and control of YOUR information and YOUR identity all in the name of convenience. All the comments above have plenty of sense. I just wonder where we're really headed from here on out with all this convenient-technological-advancement-integration crap?!!?!?!? One day, this all might just blow out of proportion. And we're already having Anonymous-Lulz out there... We'll be left with just LOLs and ROFLs after some more episodes - talk about not just a LinkedIn or Sony store breach, but a theft of all your information-under-one-roof, and a mental breakdown that will follow after... The more 'advanced' we're getting, calls in for more gaps that need to be filled. Obviously the pros here would be the last to bite the bullet.

EDIT: not funny as it is though, had trouble posting this comment here... problem logging in. Guess I'm in, Mozilla Dinos! Lol!
 

gm0n3y

Distinguished
Mar 13, 2006
3,441
0
20,780
0
The safest way is to just have your passwords listed in a random file on your computer. Its open if your computer is compromised, so just name it something innocuous and don't leave it on your desktop or in my documents.

[rant]
Alternatively, you can do what I do at work and just list all of your passwords for the company servers on a sheet of paper tacked onto the wall of my cubicle. It might piss IT off, but it pisses me off to have to remember passwords on over 20 different machines that change every 30 days, have to be 10+ characters with a number and symbol and you can't use the same password twice. Sure that works fine for my manager who only uses his personal machine, but for someone that has multiple web server clusters, database clusters, file servers, and multiple test vms for each of those it is insane. Oh and if I get a password wrong 3 times I am locked out of that machine until I contact IT, who will take minimum 24 hours to get back to me.
[/rant]

Not that I'm bitter or anything.
 

Have you tried password "salting?" I think it works like this: You have a core part of the password that you change every 30 days, plus each machine has a section that is derived from the name of the machine (first 4 and last 2 letters, last part of IP address, whatever you can figure out easily each time).

So your password to machine X is "coRepas$3MACHX", and your password on thingy Y is "coRepas$3THINY."

Would that help at all?
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS