Any Alternatives to Username/Password?

It's entirely ineffective, and adding more protocols like 2FA simply bandages the ineffectiveness of UserId/Password.

what do?

Attached: download.jpg (1200x794, 59K)

Other urls found in this thread:

en.wikipedia.org/wiki/Smart_card#USB
mysmartlogon.com/eidvirtual/
safehouseencryption.com/Manual/User_s_Guide/How_to_Create_a_Virtual_Smartcard.htm
twitter.com/SFWRedditVideos

fingerprint/password
using a fingerprint as password is fucking retarded

Key exchange

> sip

Yeah, put it all in a real location under lock and key and have my fishing buddy's wife Shelly dust it every once in a while, works for the local fishin' shop and it'll work for ya' too

Attached: boomage.jpg (380x349, 30K)

user/tripcode
But then cope with being hated

long and automatically-generated passwords work great. So does "correct horse battery staple" if you're having a computer select the words instead of trying and failing to be random yourself. passwordstore.org is pretty nifty if you know how to use bash, gpg, and git, and maintain backups. Otherwise you should like, share, subscribe, ring that notification bell, and sign up for Dashlane. It only costs more than your VPN.

What about Id + pattern codes?

BASTE
Asymmetric keys. Retards will still get fucked, and that is what retards deserve.

asymmetric cryptography

>It's entirely ineffective, and adding more protocols like 2FA simply bandages the ineffectiveness of UserId/Password.

Biometrics.

Really stupid, if this was to become the norm dictionary attacks would just become more common and just negate your original """improvements""".

Just have people log in with their Facebook account :)

Do the math. Each word is effectively a letter in an alphabet of hundreds of thousands. If you can remember a word as easily as a a few characters, the word is better.

> It's entirely ineffective
No, it is not. What are you on about?

But of you can use FIDO2 webauthn / U2F. For example with a Solokey or Yubikey. This is a technology that might actually work even for "average" users.

fuck you too boo

Regular passwords + timed passwords via an app has shown to defeat more than 99% of all the attacks that happen online. According to publications of Google and Microsoft.

As a normal person, I am not buying a $30 usb to click and hope that it registers my attempt.

I saw a bitch try and demonstrate this and her key wasn't working at all.

Might as well just have usernames and otp on a phone or by email. If you need 2fa every time there's no point in even having a password.

user, USB is not a matter of hope regardless of how some person's misconfigured setup was acting. [NFC is maybe marginally more finicky depending on the exact devices involved, but still not a matter of "hope"]

It's either this, a password manager with browser integration (pass/gopass for example). Or HOTP/TOTP -usually as 2FA- which certainly isn't more convenient than FIDO2 Webauthn.

What if someone knows your username and has your phone that happened to not have a lock screen set? then bye bye

There is a point, form a security point of few. DDoS attacks will result in blowing up phones/emails if you remove that extra obstacle.

2FA is not a protocol.

Username + USB smartcard and pin number

en.wikipedia.org/wiki/Smart_card#USB

Of course it's only useful on a enterprise domain with domain controllers with an authentication service to register your smart cards.

mysmartlogon.com/eidvirtual/
safehouseencryption.com/Manual/User_s_Guide/How_to_Create_a_Virtual_Smartcard.htm

SQRL

not him, but I'm fairly sure that wouldn't be true, as a lot of the words one comes up with in the "4 random words" password system are all fairly common words, and ultimately going through 4 possible combinations of, say, 10000 results at most might be faster to crack than 32 sets of 36 (or more if we count case sensitivity and other numbers) individual characters.

Download KeepassXC and change your password every 3months. Did this yesterday, felt suprisingly satisfying.

Attached: IMG_20190822_121223.jpg (1024x740, 61K)

The username is redundant; the only reason it exists is to provide idiots from colliding with each other without giving away the identity of the idiots not generating cryptographically-sound unique identities.

Anyway, the reason that passwords have failed is because there's no way to guarantee that the third party (or the first party for that matter) know what they're doing. We'd take away the party's ability to do it wrong, but then Libertarians cry "deep state."

Kerberos

Attached: 1563386125450.jpg (358x381, 42K)

smartcard+fingerprint

Asymmetric key exchange

why haven't companies started just doing 2fa with no password?
seems redundant at this point.

>because the initial password is the first factor in "two factor authentication", numbnuts.

anal cavity scan

Yeah i could just spam login using your email/username if you like that

Hardware key,Login,Password.

This. Everyone should have a vibrator installed in their asshole in order to access twitter.

how do am store master password for password database if brain no functional??

I just use bitwarden. In order to log into new devices, I enter an email, your password, and TOTP. Once I do that, all I have to do from then on is enter the password. Then I have all my other TOTPs saved in Bitwarden. Just click on the icon, click the saved user info for the site, hit enter, then Ctrl+V to enter the TOTP.

On phone, I don't need to enter the password after the first time. Just use my fingerprint.

Murder all bitwarden shills (in mw2)