I'm not that enthusiastic about Google, Apple and Microsoft doing away with as an factor, because it's one of the few areas left on these platforms where people have some control over their own . puri.sm/posts/microsoft-ruined

That said, I understand why *they* would be enthusiastic to move people to authentication methods rooted in their hardware that make you (and other vendors that integrate with it) dependent on them for authentication.

Show thread

@kyle I hear you.

But passwords are well past their sell-by date, and their initial use-case assumptions.

Even Fernando Corbato thought so before he died.


@dredmorbius As I elaborate on in the article, I think the main reason passwords failed is due to bad password policies (which I blame Microsoft for in large part!) that didn't take the user into account. I'm not convinced that unrevokable biometrics that unlock a "something you have" in your phone are necessarily *better* than a good password. Which factors are appropriate comes down to particular threat models and I don't think doing away with one of the three auth factors entirely is wise.

@kyle TL;DR: I disagree, passwords failed for intrinsic reasons, not any specific party's (or parties') implementations

Passwords were developed for a vastly simpler world. I think we really need to go back to first principles, and determine:

What we expect passwords to provide.
What the risks are.
What the alternatives are.
What the landscape / terrain / participants are, and what affordances these provide.

In particular, Fernado Corbato was solving a problem for a very limited-access facility with limited connectivity. The solution he devised for the 30 or 300 people inside that phsyical space wasn't appropriae for the 3 billiion outside (this was 1960), but those 3 billion had very little opportunity for access.

Today, 5--10 billion people have immediate access to many online systems. If we consider nonhumans potentially accessing systems, that count likely increases by a few more orders of magnitude. Passwords somewhat work within a spatially-constrained space, not in a global one. Global data systems have a fundamentally different data / security "physics".

Corbato came to think passwords were a nightmare, and that they were designed "to protect against casual snooping":


I share your concerns for hegemonic appropriation of identity. But in a #HierarchyOfFailureInProblemResolution, I think the assessment that passwords are themselves a problem is correct.


What's the problem?
What's the root cause?
What's the goal?
How do we get there from here?
Who needs to help, or get out of the way?

@kyle I'm guessing the companies prefer these other two factor approaches over an OpenPGP smart card precisely because the latter allows user-controlled keys?

@twrightsman They don't trust the user. They do trust the hardware *now* because they can control it remotely, can prevent unauthorized software from running. Combined with their keys inside the secure element, the user just provides minimal in-person proof it's them (biometrics) while hardware does the heavy lifting for trust.

@kyle Both agree and not agree with you. Hardware based authentication mechanisms do have advantages and there are many open source (both software and hardware) projects out there that are FIDO2 compliant. So there is a way to go password-less without the need to buy into their hardware.

@ullgren It sounds like we agree. I like and appreciate methods like FIDO2 and think there is a place for all three kinds of factors in combinations dependent upon threat. What I am opposed to is completely eliminating one of the factors, especially when it's one that gives more control to the individual.

@kyle this is a dreadful idea but if it means a slightly easier time at work, where I'm not responsible for security, part of me is happy.

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml