This should warm Sky-Knight's Heart - from the NYT: RIP, Passwords. Here’s What’s Coming Next.

I recently had to go through an exercise for a customer who uses a 3rd party cloud service to run her business. The system is set up to automatically email an invoice to the customer upon closing the ticket. Before, we just put a username and password into the app. It's a lot more complicated now. And because the system has expiration dates on the creds, you have to remember to renew the creds and provide them before the billing gets interrupted.

 
@Markverhyden

All I could think as I read the article I referenced was, "What planet do you people live on?!!" I've been around the block enough times to know that "early days" of anything, particularly prior to attempts to release it to (foist it upon) the public, are not necessarily good indicators of how things will shake out. But the number of hoops, weirdnesses, etc., documented there about how things stand now makes me think that those who believe this technology will become ubiquitous are just not thinking. Blue-skying to the extreme.
 
No argument. It's just that sometimes the "market" has a greater impact than we like or want. From what I've noticed, the more Rube Goldberg, as in convoluted, a proposal is, the less likely it will take root. As you noted, the piece you linked to certainly has a lot of pie in the sky that will be a lot for the average user to absorb. It's been years in the making but MFA is pretty widespread these days.
 
The big problem I see with this system is lost/destroyed phones. To recover your passkeys you have to know your iCloud or Google account information. How many people do you know when this happens lose all their stuff because they don’t know the username let alone the password? Now add the passwords to ALL your major accounts and not just your pictures and contacts. And as I understand it Google, Apple, or Microsoft will have your private keys, a goldmine of information if a hacker manages to breach your account.
 
It's just that sometimes the "market" has a greater impact than we like or want.

If you change that "sometimes" to always, then we're in agreement. Sometimes the market just so happens to be in accord with "the geniuses of the new" and then things take off like a shot. When they're not, dying on the vine generally occurs.
 
And as I understand it Google, Apple, or Microsoft will have your private keys, a goldmine of information if a hacker manages to breach your account.
Well, only were they to have "the other half," the device that would allow those private keys to work. The whole premise behind all this is that you, and only you, will have the other half in the form of your phone.

There are other problems I see, and that you've expressed well. But I don't think that the same entities that we're accustomed to having our passwords having our passkeys is particularly problematic given the overall mechanism of "gate opening" that's used.

I still think this is about as likely to take off in the marketplace as I am to fly to the moon under the power of my own arms.
 
Well, only were they to have "the other half," the device that would allow those private keys to work. The whole premise behind all this is that you, and only you, will have the other half in the form of your phone.
Except that’s not the case. Just like a traditional online password manager, the keys are stored online, encrypted in your iCloud or Google Account, ready to be delivered to a new phone. Only your iCloud or Google password stands in the way of a hacker faking a lost phone and grabbing the blob. The problem is that once logged in my phone never prompts me for my password. So I don’t have a clue what it is. Now I have that safely stored away and it is a completely random password of over 20 characters. The average end user is not that well organized. I purposely chose a password manager. The average person hasn’t and this is likely to be forced on end users just like Microsoft Accounts are on BitLocker’d laptops with as much potential for disaster.
 