Passwords soon to be redundant???

Just wondering what your thoughts are on todays news?

I personally would still prefer the set up I have now, But I assume it would be like SSO and it would be an option, and not actually replace passwords full stop?

https://9to5mac.com/2020/02/11/fido-alliance/


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • DanielPDanielP

    Team Member
    edited February 11

    @Zaka_7:

    If you prefer your current setup, I don't think you will have to worry for the foreseeable future. The biggest challenge to this approach to authentication won't be switching from passwords to trusted devices: it will be getting all websites, apps and services to support this method. Looking at how many websites still use outdated password requirements after years, I would not worry for a while ;)

    ===
    Daniel
    1Password Security Team

  • Thank you @DanielP
    I like the thought of it and the way it works with Apple, but across the board I definitely feel more secure having 20-30 character random passwords and 2FA within 1PW.

  • DanielPDanielP

    Team Member
    edited February 11

    @Zaka_7:

    I certainly understand where you are coming from, and I can tell you that there is data that shows you are not alone in feeling this way. It's interesting that you bring this up by the way, since just the other day I gave a seminar on continuous authentication, and as part of my preparation work I ended up reading a paper on perceived security levels in implicit authentication systems [1]. Now, implicit authentication is not the same as what is being proposed here [2], but I think that the results might be interesting to look at anyway, since both methods require a shift in mentality when it comes to authenticating to systems/services, and if anything they have in common the fact of removing at least some of the friction present in explicit authentication systems.

    While quite clearly in the minority, the experiment in that paper showed that it's not that uncommon for users to perceive this type of authentication system as less secure than their explicit counterparts. Percentages are not very high, but they are certainly not low, so you are definitely not alone here.

    And I think it's perfectly normal to feel this way. I think part of it also has to do with how used we have become to authenticating the way we have. So it's definitely going to be something very interesting to keep an eye on :)

    ===
    Daniel
    1Password Security Team


    [1] H. Khan, U. Hengartner, and D. Vogel, "Usability and security perceptions of implicit authentication: Convenient, secure, sometimes annoying". 11th Symp. Usable Privacy and Security (SOUPS 2015), pp. 225–239, 2015. https://www.usenix.org/system/files/conference/soups2015/soups15-paper-khan.pdf

    [2] Indeed, implicit authentication could even be seen as an additional step after what is being proposed in the article you linked to

  • Thanks @DanielP very insightful, I'm sure 1Password will keep thriving and find a way to benefit themselves and users regardless :D

  • DanielPDanielP

    Team Member

    We will definitely continue putting all the effort that we can into making 1Password even better :)

    ===
    Daniel
    1Password Security Team

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file