Microsoft Working Towards a Password-Free World: CEO Satya Nadella
Microsoft Working Towards a Password-Free World: CEO Satya Nadella
Posted: 06 Nov 2015
Windows Hello makes the traditional password useless
With growing concerns over security of emails and mobile phones, technology giant Microsoft Thursday said it is working on ways to rid tech users of their worries over passwords.
"One of the biggest security issues is passwords. One of the things that we are working on is a world where passwords are not going to be the ones that you know can get hacked but you really have other biometrics that really help us secure our computing interfaces," Microsoft Corporation chief executive Satya Nadella said in Mumbai.
He was delivering keynote address at 'Future Unleashed: Accelerating India', Microsoft's largest ever customer conference here, celebrating 25 years of the Richmond-based company's in the country.
Hyderabad-born Nadella said the company has a sense of purpose that is about empowering every person and every organisation on the planet to achieve more.
That's great, the necessity to remember dozens and dozens of passwords is becoming increasingly annoying. That said, there have always been and there will always remain security concerns. it's not the password per se that makes systems vulnerable. It's the fact that someone may profit from accessing your system. It's totally impossible to make an impenetrable defense or authentication system. What you can do is to make authentication hard enough to break so that people would not be doing it randomly. If they do that - great, although the two-step authentication that banks use already is probably good enough, maybe they will come up with something more "user friendly". However a real targeted attack cannot be prevented by fancy software. if someone is really out to get you - they will.
Absolutely NOTHING in that article that even remotely hints as to how this could be achieved.
Biometrics are totally NOT a good way -- you've seen how Hollywood has already pointed out how these devices can be got round - and the idea of getting one's thrumb cut off (or worse) is not very appealing.
IMO there is only ONE way to rid computers of passwords -- and that would be in a 100% idealistic society where money isn't used or needed and everybody knew 100% about everybody else so there was absolutely nothing to hide and privacy wasn't needed.
Failing that you have only TWO choices for security -- Biometrics - which have obvious drawbacks or some type of interactive "Quiz" between server and user which has to be passed before logging you on to the system. Even this has its drawbacks as anybody hacking the server would gain information about the Users habits etc .
So please give more specific information in how exactly you would proceed in the direction of SAFE, SECURE passwordless systems and applications.
BTW once Quantum Computing becomes an affordable reality no amount of encryption can save you from decryption by a Quantum Computer.
That's great, the necessity to remember dozens and dozens of passwords is becoming increasingly annoying.
If when you first add a new contact requiring a sign on identification and password, and your computer offers to save and you take up that option then you always have a backup.
To find site identifications and passwords open User Accounts and click on Credential Manager, then Manage Web Credentials.
Click on whichever one to expand, there you will find.
By clicking on Show Password will reveal.....You will of course need to use your account signing in password for this to work.
Computer Type: PC/Desktop System Manufacturer/Model Number: Self Built OS: W10 Pro + W10 Preview CPU: i7 Hard Drives: Dual swop 2.5" SSD Hard Drive Rack. Internet Speed: 385mbs Other Info: Surface Pro 4 i7. +
MSI GE 70 i7 super raid 0 (3 drives)
Computer Type: Laptop System Manufacturer/Model Number: Surface Pro 4 i7 OS: W10 Pro
BTW once Quantum Computing becomes an affordable reality no amount of encryption can save you from decryption by a Quantum Computer.
Cheers
jimbo
Hi Jimbo, while you may very well be correct in your statement above, the company which developed this product: PQChat Home would beg to differ with you. Have a read of the various sections: you might find them interesting.
I'm not involved in SRD/PQChat btw, although I do use PQChat.
the reality hasn't broken through yet - but Quantum computing is a whole different ball game,
Unlike "Classical mechanics" where for example if you have 4 coloured balls in a box say red, green, blue and yellow the chances of you pulling a yellow ball on ist go are 1 in 4,
With quantum mechanics you get ALL 4 options at the same time (an over simplification I know but it demonstrates the idea. So a quantum computer doesn't need to run through a whole slew of de-cryption algorithms to get a password -- the options are all executed TOGETHER !!! so even with 128 bit encryption methods which using classical computers could take longer than the life time of the universe to run through all the combinations a quantum computer can process every possible algorithm in ONE GO !!!!.
To any physics student here - a gross over simplification but it should demonstrate the point that nothing can be securely encrypted any more when quantum computers become available which they certainly will long before the end of this millennium or even this century.
That's great, the necessity to remember dozens and dozens of passwords is becoming increasingly annoying. That said, there have always been and there will always remain security concerns. it's not the password per se that makes systems vulnerable. It's the fact that someone may profit from accessing your system. It's totally impossible to make an impenetrable defense or authentication system. What you can do is to make authentication hard enough to break so that people would not be doing it randomly. If they do that - great, although the two-step authentication that banks use already is probably good enough, maybe they will come up with something more "user friendly". However a real targeted attack cannot be prevented by fancy software. if someone is really out to get you - they will.
I trust you know that it's not necessary to remember dozens upon dozens of passwords. There are password managers, such as LastPass, to do that for us. A password manager makes it easy to have a unique password for every site account. The user is only required to remember one master password for accessing the list. I don't see that the skills required to use LastPass are significantly more complex than many other things we manage in our complex society, but for some reason there is enormous resistance to getting one's password house in order. I think a real effort needs to be made to educate people about this. Using Biometrics sounds appealing because the user doesn't have to do anything, but there are real challenges and concerns. See here:
This is only one piece of the puzzle. A Google search on the dangers of biometrics brings up many in-depth articles about inherent risks to privacy.
As you say no system is perfect and if they're really out to get you they will, but that strikes me as extremely rare. There's plenty of low hanging fruit for the crooks to reach for. Using a password manager along with a smart phone for two factor authentication makes you very uninteresting to them.
Satya Nadella is playing a deeper game with Microsoft than anyone gave him credit for
74187
(Steve Ballmer gives his famous "developers, developers, developers" chant in 2000.)
Read more:...
Quote