Is Passwordless Authentication Secure? Why Do We Still Use Passwords?

  • Published on 12 Jul 2024
  • Rich or poor, everyone wants to have a good lock on their door, right? It’s a matter of security and it’s an obvious need. Passwords are the keys to our private slice of the internet’s cake, and perhaps its virtual nature means we don’t take it seriously enough.
    We wouldn’t leave sensitive documents such as our proof of address on the bus, would we? However, we’re more than happy to make classic security mistakes when it comes to the security of our online data.
    That's why security experts are constantly working on new, reliable and user-friendly authorisation methods that make it easier for us to keep our data safe.
    So, are passwords going to be left in the dust of antiquity? Let’s find out.
    Sumsub - empowering compliance and anti-fraud teams to fight money laundering, terrorist financing, and online fraud.
    #Sumsub #digitalsecurity #personaldata
    00:00 - Intro
    00:59 - A Blast from the Past
    04:27 - The Human Factor
    10:51 - Single Sign On
    13:42 - Two-factor Authentication
    15:09 - Password-free Authentication
    18:20 - Conclusion. Why Do We Still Use Passwords?
    More about us:
    sumsub.com
  • Science & Technology

Comments • 91

  • @IKEMENOsakaman
    @IKEMENOsakaman 2 years ago +70

    Some people watching will have good passwords,
    Some people will have thought about this before,
    Some people should have thought about this and haven't,
    And hopefully will, after we talk about this, a little bit more.

  • @yepitsarif
    @yepitsarif 2 years ago +66

    This channel has insane amounts of quality content. Everything ranging from the set, to the editing and the way you speak and explain topics is fantastic. I thought you had millions of subscribers the first time I watched your videos and I was shocked to find out that you didn't. You definitely deserve more!

    • @jurgor8661
      @jurgor8661 2 years ago +4

      That's why this channel is growing really fast. Success in YouTube is simple but it for sure isn't easy to make top notch content like this. Simple does not equal easy.

  • @sumit6972
    @sumit6972 2 years ago +10

    I don't understand why the videos have such low view counts! This is literally gold of a content right here! For Free!

    • @Sumsubcom
      @Sumsubcom 2 years ago +11

      Or is it? Maybe we're harvesting your online DNA for our matrix-style human energy converter.

    • @passionatebeast24
      @passionatebeast24 2 years ago +1

      @Sumsubcom 😂😂

  • @Querxes
    @Querxes 2 years ago +20

    This channel is by far one of the best upcoming channels I've seen in a long time, hooked with every video!

  • @JasonBechervaise
    @JasonBechervaise 2 years ago +7

    First, I love this channel. Second, it rather bothered me that the words 'authentication' and 'authorization' were used interchangeably.
    Authentication: proves you are who you claim to be, so that you can log in to your account (e.g. username, password, 2FA/MFA, security questions, etc).
    Authorization: allows you to perform certain actions after you have been authenticated (e.g. account privileges for regular user vs administrative user, etc).

  • @IKEMENOsakaman
    @IKEMENOsakaman 2 years ago +29

    It's all fine and cool until you have to use a website that either (1) forces you to use uppercase, number, symbol, runes, smoke signals, etc. OR (2) limits your password to something like 12-16 characters...

    • @boggless2771
      @boggless2771 2 years ago

      What's even worse is one that forces you to those smoke signals, and another website doesn't allow smoke signals.
      Then you really need dozens of passwords

  • @sbcinema
    @sbcinema 2 years ago +11

    What most people don't realize is that this benefit comes with a major downside: two-factor identification makes it difficult to stay anonymous...

    • @Ben-li9zb
      @Ben-li9zb 2 years ago +5

      And difficult to log into new devices

    • @qq84
      @qq84 1 year ago +1

      And if you lose your hardware key, you better have another one registered or you can't log in. And many services that offer FIDO only allow to register one.
      Often/mostly 2FA is only an excuse to get your phone number.

  • @TheRegelation
    @TheRegelation 2 years ago +5

    Good times breed weak passwords.
    Weak passwords breed bad times.
    Bad times make strong passwords.
    Strong passwords create good times

  • @KenMiller
    @KenMiller 2 years ago +21

    An informative video. Although I would have liked to have seen more attention given to password management systems.

    • @qq84
      @qq84 1 year ago

      Yes, he shouldn't only have called out the problem, but also offered a solution. And that's password managers.

  • @qq84
    @qq84 1 year ago +2

    Use a password manager, and make/have backups for it!
    16:04 Another big advantage is that passwords work cross platform without any problems. Try to use a USB-based FIDO hardware key (like the ones you showed) on a smartphone...
    18:20 Changing passwords regularly is a bad idea and even decreases the security.
    19:40 ...because "conspiracy theories" are true. Or are the Snowden leaks, that are exactly about that topic, also "just a conspiracy theory"?

  • @KeatingMark
    @KeatingMark 2 years ago +5

    Quality content as always, Making boring topics interesting and entertaining!

  • @zippyit
    @zippyit 2 years ago +7

    Do you have a different set for every video or are they a 3d rendering?

  • @Bradmagus
    @Bradmagus 1 year ago

    I love how much history is packed in these videos

  • @_GhostMiner
    @_GhostMiner 2 years ago +6

    *The last time I've seen a security question when creating or logging into an account was probably around 10 years ago.* 😅
    I guess everyone realised how pointless and insecure they are.

    • @Cookiekeks
      @Cookiekeks 2 years ago

      Windows uses it to this day

    • @_GhostMiner
      @_GhostMiner 2 years ago +1

      @Cookiekeks you mean the pointless shlt when creating an account with the UWP shlt?

    • @Cookiekeks
      @Cookiekeks 2 years ago

      @_GhostMiner UWP? I don't know what that is. I mean the normal Windows accounts. They require security questions

    • @_GhostMiner
      @_GhostMiner 2 years ago

      @Cookiekeks UWP are the ugly windows Microsoft calls universal windows platform.

  • @alexeiutgoff7955
    @alexeiutgoff7955 2 years ago +6

    I just use my username as my password for everything. So I don't forget them. Secretly added an ! at the end though so it's harder to guess.
    4:00 Shout-out to that one guy who commented saying he had some hash function super computer lmao

    • @ShiroIsMyName
      @ShiroIsMyName 1 year ago

      Hackers don't guess, they use a dictionary attack where a program tries hundreds of words and characters per minute, the username followed by a character would take milliseconds to crack

  • @nicolp1028
    @nicolp1028 2 years ago

    I love ur videos! They are really well designed and well structured! Keep it up! Good and steady work will pay out

  • @parzivaldesigns6611
    @parzivaldesigns6611 2 years ago

    Your content quality is unbelievable.

  • @whtiequillBj
    @whtiequillBj 2 years ago +3

    Why don't we move to Secure Certificates?
    Where your system puts a certificate on your system. This was used by a certificate authority called AStart. They aren't around anymore.
    You logged in once and then they would put a certificate on your system which was then used to log you in when you came to their site.
    Do certificate authorities have a problem with this? If this was used then a hacker would need to get onto your hardware your very device that you are using to log into any of your sites.

    • @ShiroIsMyName
      @ShiroIsMyName 1 year ago

      A hacker could also reproduce the digital signal of your certified hardware, which would grant him access

    • @whtiequillBj
      @whtiequillBj 1 year ago

      @ShiroIsMyName A foolproof solution is never going to happen. It would be harder, in my opinion, to fake a security certificate than a password. Also at this time it wouldn't be expected because the technique it's used right now for log in credentials.

  • @invincible18th51
    @invincible18th51 2 years ago +2

    Keep it up guys. I remember that password strength to pass crack chart on reddit. 12 character password is the new minimum as processing power goes up it's harder for us to remember.
    By the way any thoughts on making a reddit sub?

  • @wild-radio7373
    @wild-radio7373 2 years ago

    Thank you sir ☺

  • @hapcupa
    @hapcupa 2 years ago

    this channel is so underrated and needs more subs

  • @SamiTheAnxiousBean
    @SamiTheAnxiousBean 2 years ago

    pretty interesting video
    great work and research as always

  • @KM-bn7dg
    @KM-bn7dg 2 years ago

    This set is amazing wth

  • @jeremysanchez8118
    @jeremysanchez8118 2 years ago +1

    I'm 88.3% percent sure the set is 3d, but it looks really good regardless of it being real or not

  • @ruknettintekir
    @ruknettintekir 1 year ago

    Great production.

  • @rennnnn914
    @rennnnn914 2 years ago +1

    I'd like to use the fingerprint facility of my phone but I work on a farm. In the past I've had too much trouble trying to log in when my fingerprints have been worn down by work, or cuts won't let them be recognised. Voice recognition won't work when you're tired or have a cold. It's too big a risk that I can't get into my account when needed. When they come up with a biometric scanner that works better I might try again.

    • @Sumsubcom
      @Sumsubcom 2 years ago

      Rowan, at least you're safe to burgle.

  • @azharable22
    @azharable22 1 year ago

    Great content

  • @julianatlas5172
    @julianatlas5172 2 years ago +1

    You didn't give enough credit to password managers. That is the best solution I think

  • @writerinrwanda
    @writerinrwanda 2 years ago +2

    Please can you cover the issue of the Google log-in loop that locks people out of their Google/YouTube channels for *life* if they forget their password and lose their phone. No e-mail reset offered. Quite a few people have mentioned this online already. It's a growing problem and it seems inconceivable that Google can't find any way to solve this and reunite divorced accounts with their owners - or at least let people delete accounts and personal data even if they won't let them continue using the accounts. At this rate, Google is going to become a graveyard of lost accounts.

    • @Wigglythegreat2
      @Wigglythegreat2 1 year ago

      What about Google backup codes in this situation?

  • @BrunodeSouzaLino
    @BrunodeSouzaLino 2 years ago +1

    I like that some alternative authentication methods don't work for everyone. There's a significant number of people out there which don't have fingerprints. Or they wore out over time.

  • @davec817
    @davec817 2 years ago +1

    I use random characters. I use the same one for stuff I don't care about, unique ones for stuff I care about with a handwritten copy hidden somewhere, in case I forget. Mine are hidden in plain sight, just looks like a pile of mail but in it at certain areas on the page is my password 😂

  • @forbiddenera
    @forbiddenera 2 years ago +1

    One of the biggest issues with password complexity requirements is the lack of consistency too..was this the site that required an uppercase or a symbol or was it another site? Plus those complexity requirements have to be advertised so the attacker knows exactly what is valid or not too. Passwords suck though.

  • @AsloAso
    @AsloAso 2 years ago +2

    I use password monster to make my passwords strong a good thousand of years to guess

  • @kylbau
    @kylbau 2 years ago

    Passwords are a great topic

  • @Appleseven77
    @Appleseven77 2 years ago

    ur the only cool british person i love ur content man!!!

  • @Skiltra
    @Skiltra 2 years ago +1

    I store my master password locally everything else will be cloud but i also have 2FA which i don't overlap with my password manager as if either are found i want the extra security. i have multiple emails over the years for different purposes so simply testing my email and cracking it if successful will only compromise some of my account
    My 20-30 long passwords still get found out but my threat is features such as links that sign a user in and malware or even password reset links which do not require you to be signed in

  • @5lanediver
    @5lanediver 2 years ago +1

    can’t believe this wasn’t sponsored by a password manager lol

    • @qq84
      @qq84 1 year ago

      That's why he neglected them, even though password managers are the most important mention in this topic.

  • @peterlittlehorse5695
    @peterlittlehorse5695 1 year ago

    Since most websites lock you out after 3 incorrect tries there's no reason for a password to be required. If someone knows your password they'll get in, if they don't they'll have very little chance of guessing it in 3 tries. If the government wants access they'll just order the provider to let them in and they'll ALL comply. The weakness is in your selection of hints in case you forget your password. It's much easier for someone to know your mother's maiden name or the colour of your first car.

  • @R-ok3cl
    @R-ok3cl 2 months ago

    Saving passwords in a text document in the cloud is not unsafe. It is in essence what a (cloud) password manager does. Assuming of course, the cloud service uses encryption, which it absolutely should and in modern times overwhelmingly does. Still, I would prefer a password manager for the convenience and phishing protection.

  • @reastle1307
    @reastle1307 2 years ago

    Nice background

  • @myfirstmylast9051
    @myfirstmylast9051 1 year ago +1

    Can anybody explain to me why you can't use any special characters that you want? When I make a password that I think has all the qualities of a good password, lo and behold, the next site I go to to use that password, it's no good because it won't allow some of the special characters I used originally. OK, I've decided to get a password manager, but still, it's one more thing we low skilled computer users will never, ever understand.

  • @hb3393
    @hb3393 2 years ago +1

    If password managers were free I'd use them, but it's BS expecting people to pay for them. Surprised so many people use them. Bring on password free world

    • @tcbobb1613
      @tcbobb1613 2 years ago +2

      Bitwarden is a free open-source password manager.

    • @Filth_Hub
      @Filth_Hub 2 years ago

      @tcbobb1613 This

    • @qq84
      @qq84 1 year ago

      Password managers (cloud based) are giving you a service, so they can expect a payment for it. There are even ones that gift you a free account (like Bitwarden).
      And there are free and open source client based password managers like Keepass. The downside there is that you have to make sync and backups of your database manually.

  • @forbiddenera
    @forbiddenera 2 years ago

    My next app will have multiple 2fa options as well as passwordless and maybe even usernameless with hw keys

  • @FishcatGames
    @FishcatGames 2 years ago +1

    I hate needing a cellphone number for EVERYTHING. I don't have a phone number. I don't need or want one. there's a million ways to contact me online

  • @sbcinema
    @sbcinema 2 years ago +1

    I hate smartphones far more than passwords... and the solution to the password problem is, we simply have to combine the accounts ( then we only need one Password and the problem is solved ).
    But the only real solution for people who are annoyed of passwords is to turn off the computer, in the real analog world there are hardly using any passwords...

  • @iwantedtosavetheworld7358
    @iwantedtosavetheworld7358 2 years ago

    any updates to that Zero Knowledge Proof based logins?

  • @_GhostMiner
    @_GhostMiner 2 years ago +2

    Where/How do you make these sets? 🤔

    • @ledgeri
      @ledgeri 2 years ago

      This particularly looked like an extremely good cgi-bluescreen combo, when i know it is not...
      I would guess it is even "someone has a good contact in a movie studio" kind of thing or "it is a good interior art school/ film academy" :)

    • @Material_Monkey
      @Material_Monkey 2 years ago

      Looks like a green screen

  • @nonelost1
    @nonelost1 1 year ago

    18:20… “Why do we still love passwords so much?“… Huh?!… I have nothing but SEETHING HATRED of passwords! Having to use computer passwords today is like being forced to drive a 1963 automobile for the last 60 years and counting. (1963 was the year computer passwords were first invented)

  • @ericpham5198
    @ericpham5198 1 year ago

    Can smart ring and smart watch combine to match biometric but could be dangerous for Agent life

  • @Cookiekeks
    @Cookiekeks 2 years ago

    5:18 what are you talking about? Foobar is just a placeholder for variable names in programming, not some slang word...

  • @jacktringoli3299
    @jacktringoli3299 2 years ago +1

    Honestly the best password is a hardware device and nothing less something that's synced to a remote server that changes constantly and can only be unlocked with the device that's synced with that account like an rsa token except it's more like a USB type thing and even you don't know the password BUT it only works if it's able to use your biometrics like fingerprint etc. That way literally no one else will be able to use it even if it's stolen and hacked
    And I don't wanna hear "what if you lose it" well then that's your own fault you probably lose your car keys and have to order replacements lol
    Honestly if you need a replacement you have to go through a rigorous process to verify your identity with the whole voice recognition and even facial recognition and it's gotta be done on your phone the original device that was used to set everything up in the first place 🤷‍♂️🤷‍♂️🤷‍♂️🤷‍♂️
    Find a flaw in this proposal I literally dare anyone to reasonably prove a way that someone could steal your credentials this way and have access to all your accounts lol I literally fucking dare anyone to find a flaw in this 🤷‍♂️🤷‍♂️

  • @laur-unstagenameactuallyca1587
    @laur-unstagenameactuallyca1587 2 years ago

    the friend who only has his email password and just resets passwords all the time is funny af

  • @Hithere.howareyou
    @Hithere.howareyou 2 years ago

    *Hey* 😀👋

  • @raunaquepatra3966
    @raunaquepatra3966 2 years ago

    What about public key cryptography? RSA

  • @_GhostMiner
    @_GhostMiner 2 years ago +1

    0 views, likes, dislikes and 3 comments 👌🏻

  • @davidpiper3652
    @davidpiper3652 2 years ago +2

    I tried password managers and I found them difficult to use, they made the situation worse not better.

    • @qq84
      @qq84 1 year ago

      What's so hard in using a cloud based password manager like Bitwarden?

  • @aaron6841
    @aaron6841 2 years ago +3

    This guy absolutely loves himself and is using his poor knowledge of something he read on Forbes to make a video lol 🤣

  • @venustheplanet8208
    @venustheplanet8208 2 years ago +2

    Why are you wearing a suit? It diminishes the weight of your words. Technicians should avoid suits and everything of that sort. Suits are the tools of people with fake personalities, and Technicians are not fake.
    Maybe you're fake. I don't know 😕

    • @dannymac6368
      @dannymac6368 2 years ago +7

      He is a science communicator, and a damn good one at that. He is not a technician.
      What an incredible, eclectic bunch of generalizations.
      I need to know more…How are suits tools of those with fake personalities? What is a fake personality? How can you be, even a little bit sure, that all technicians are authentic in personality?
      Maybe he likes wearing a suit. I don’t care. 🤷🏻‍♂️

    • @jeffbrownstain
      @jeffbrownstain 2 years ago +2

      Personally I've seen enough sweaty looking pc dwellers that it's quite refreshing seeing a well-spoken and well-dressed presenter give talks like this.
      You ever watched a defcon talk? You can smell some of those people through the screen.
      Bradley smells like he's been to a nice-smelling place.

  • @SgtStarSlayer
    @SgtStarSlayer 11 months ago

    Using picture as passwords