; TOT; Piggin passwords

I didn't people don't do it... some banking sites have made some curious security choices.

Drop downs are good since they circumvent capture by key loggers.

It's one of those things that's easy to detect on the local machine (as Windows does on login), but not so easy with a web site. Keep in mind that if the web site has good security, they don't know what your password is. All they can do is see if what you entered matches the hash they generated from your original password. Either it matches or it does not, there are no shades of grey.

Reply to
John Rumm
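The "matches or it does not" behaviour described in the post above, as an added example that is not part of the thread: a site that keeps only a salted hash can verify a login, but a near-miss password produces a digest no closer to the stored one than an unrelated guess. The PBKDF2 parameters, function names and sample passwords are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest): everything the site stores about the password."""
    salt = os.urandom(16)
    return salt, derive(password, salt)


def verify(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison: the only answer available is yes or no."""
    return hmac.compare_digest(derive(candidate, salt), stored)


def bit_distance(candidate: str, salt: bytes, stored: bytes) -> int:
    """Differing bits between the candidate's digest and the stored digest.

    This is the most a server could compute if it tried to judge how
    'close' a wrong entry was. It hovers around half of the 256 digest
    bits for any wrong input, so it carries no information.
    """
    digest = derive(candidate, salt)
    return sum(bin(a ^ b).count("1") for a, b in zip(digest, stored))


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the thread.
    salt, stored = enroll("correct horse 9")
    for guess in ("correct horse 9", "Correct horse 9", "zebra-umbrella"):
        print(f"{guess!r}: match={verify(guess, salt, stored)}, "
              f"bits differing={bit_distance(guess, salt, stored)}/256")
```

Any check that depends on the characters of the password, rather than on an exact match, therefore has to run where the plaintext is available, at entry time.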

So I am sat there looking at the post-it note on the side of your screen with a number of random words scribbled on it... I note only one of them is 8 or more characters long.

Reply to
John Rumm

??????

Reply to
Jethro_uk

Useless if it needs your fingerprint to be used.

And there is no reason why the password manager can't require fingerprint access using your phone before it will fill in any password etc.

It's even possible to design the total system so that even if someone holds a gun to your head and forces you to authorise access to the password manager using the fingerprint in the phone, it flags to the password manager that you have a gun held to your head at the time and so it whistles up the cops for you, completely automatically and takes photos of the crim who is holding a gun to your head too.

Reply to
Blanco

You wouldn't get root access like that on the Unix machines I put in System X. There is no root on them. You had to load an archive to get root back and we never gave BT that.

Reply to
dennis

Only on Sun kit IME (or if admin has a Sun background) if not "gandalf" then "wand" ...

Reply to
Andy Burns

Dunno, I've already looted Dave's bank accounts, he just hasn't noticed yet.

Reply to
Blanco

Indeed. I once suggested that banks should have a system where a PIN entered in reverse works once, before disabling the account (a spurious "insufficient funds" error) and notifying the cops. I had the idea from an ADT alarm system which had the same feature (it disabled the alarm, but triggered a silent alert).

Reply to
Jethro_uk

Go on then ;-)

To be fair, I see what you are getting at, but the purpose of the exercise is to force users to use more of the available "combination space", even if that is at the cost of a small reduction in the total number of legal passwords available.

So without the policy, a very fast crack attempt with all the dictionary words in all lower case, would get you into a percentage of accounts. With the policy, it will fail every time.

but now he does have to test Password, pAssword, paSsword, pasSword, passWord, passwOrd, passwOrd, passwoRd, passworD,

and

PAssword, PaSsword.... PASSwORD.... PASSWORd

and so on.

Reply to
John Rumm

[snippage]

Fingerprint readers can be fooled by lifting a print from a surface & impressing it onto a gelatine "finger".

Reply to
Huge

More difficult with the "swipe" rather than "prod" fingerprint readers, which makes it odd that the FIPS compliant ones seem to be the "prod" variety ...

Reply to
Andy Burns

It's all very odd since they used to own Paypal?

Reply to
Dave Plowman (News)

Rather spoils the extra security if it has a fallback to a password though.

Reply to
cl

What do you do with sites that insist on a password change every month or so?

Reply to
cl

Dave Plowman (News) scribbled

They separated the companies in 2014

businessinsider.com/ebay-to-separate-paypal-and-ebay-2014-9?op=1&IR=T

Reply to
Jonno

Blanco scribbled

About time there was an automatic system to stop fuckwitted aussie sock puppets posting 24/7

Reply to
Jonno

I bet they also get very shirty when their employees take ages to get from A to B.

Reply to
Sam Plusnet

How about when someone phones you, claiming to represent $%&** Company and then asks YOU for your password/ secret decoder ring/ mother's inside leg measurement etc. ?

Reply to
Sam Plusnet

You mean you stole my overdraft?

Reply to
David Lang

Fingerprints are not extra security. They are more convenient.

They only become extra security if you need a PIN and a fingerprint (for example).

Reply to
dennis
