Passwords soon to be redundant???

Zaka7
Zaka7
Community Member
in Lounge

Just wondering what your thoughts are on todays news?

I personally would still prefer the set up I have now, But I assume it would be like SSO and it would be an option, and not actually replace passwords full stop?

https://9to5mac.com/2020/02/11/fido-alliance/

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • DanielP
    DanielP
    1Password Alumni
    edited February 2020

    @Zaka_7:

    If you prefer your current setup, I don't think you will have to worry for the foreseeable future. The biggest challenge to this approach to authentication won't be switching from passwords to trusted devices: it will be getting all websites, apps and services to support this method. Looking at how many websites still use outdated password requirements after years, I would not worry for a while ;)

    ===
    Daniel
    1Password Security Team

  • Zaka7
    Zaka7
    Community Member

    Thank you @DanielP
    I like the thought of it and the way it works with Apple, but across the board I definitely feel more secure having 20-30 character random passwords and 2FA within 1PW.

  • DanielP
    DanielP
    1Password Alumni
    edited February 2020

    @Zaka_7:

    I certainly understand where you are coming from, and I can tell you that there is data that shows you are not alone in feeling this way. It's interesting that you bring this up by the way, since just the other day I gave a seminar on continuous authentication, and as part of my preparation work I ended up reading a paper on perceived security levels in implicit authentication systems [1]. Now, implicit authentication is not the same as what is being proposed here [2], but I think that the results might be interesting to look at anyway, since both methods require a shift in mentality when it comes to authenticating to systems/services, and if anything they have in common the fact of removing at least some of the friction present in explicit authentication systems.

    While quite clearly in the minority, the experiment in that paper showed that it's not that uncommon for users to perceive this type of authentication system as less secure than their explicit counterparts. Percentages are not very high, but they are certainly not low, so you are definitely not alone here.

    And I think it's perfectly normal to feel this way. I think part of it also has to do with how used we have become to authenticating the way we have. So it's definitely going to be something very interesting to keep an eye on :)

    ===
    Daniel
    1Password Security Team

    [1] H. Khan, U. Hengartner, and D. Vogel, "Usability and security perceptions of implicit authentication: Convenient, secure, sometimes annoying". 11th Symp. Usable Privacy and Security (SOUPS 2015), pp. 225–239, 2015. https://www.usenix.org/system/files/conference/soups2015/soups15-paper-khan.pdf

    [2] Indeed, implicit authentication could even be seen as an additional step after what is being proposed in the article you linked to

  • Zaka7
    Zaka7
    Community Member

    Thanks @DanielP very insightful, I'm sure 1Password will keep thriving and find a way to benefit themselves and users regardless :D

  • DanielP
    DanielP
    1Password Alumni

    We will definitely continue putting all the effort that we can into making 1Password even better :)

    ===
    Daniel
    1Password Security Team

This discussion has been closed.