
Goodbye usernames and passwords.

quest7

Android Enthusiast
OneID is an entirely new way to easily and securely sign in to websites and pay online. No more remembering multiple usernames, passwords, or filling out forms. You prove your identity to your device and then your device can digitally prove your identity to web sites, enterprise applications, and mobile applications securely using public key cryptography. You only enter your personal information once, when setting up your OneID service account. After that, you can sign in to any OneID-enabled website with a single click and speed through checkout. Forms are filled out with a single click even on a smartphone or tablet. Your personal data and payment information is securely encrypted and never shared with merchants without your express consent. You stay in control of your personal information and benefit from a level of security that far exceeds currently available solutions.

There's more;

OneID
 
This isn't new, there have been many attempts over the years to have a single sign on. OpenID is another, Microsoft's Passport is another, etc.
 
The problem is getting all the websites to be compatible with "OneID" or whatever single-signon everyone is using. That's never going to happen. Your best bet is to use LastPass or something along those lines.
 
Heck, I admit to never noticing this type of service before.

Can't say I'd need it, as I like the idea of very random generated, different passwords for different sites, etc.

This one seems naive in the portion of the opening spiel at their site (quoted in the OP): "...entirely new," as we see by the many other examples given in this thread.
 
Must be Apple's marketing "new feature (that Android had years ago) in iOS 5"
We are down to three single sign ons at work :)

I want to know how someone could store all their passwords in their head? I have three for work, then three different bank accounts, two e-mail, Verizon and other utilities, then all the forum passwords.
 
I store all mine in my head...7 for work...1 for banking...several personal email...PayPal...several forums...a couple games...
 
I store all mine in my head...7 for work...1 for banking...several personal email...PayPal...several forums...a couple games...

Same here..

..they are: ******* for here, *************** for Twitter, **************************** for Gmail, ********** for Wilbur Village Czech Festival Accordion Run Signup, ******* for.. hey, now I have to change those..



:D
 
Must be Apple's marketing "new feature (that Android had years ago) in iOS 5"
We are down to three single sign ons at work :)

I want to know how someone could store all their passwords in their head? I have three for work, then three different bank accounts, two e-mail, Verizon and other utilities, then all the forum passwords.

I have several dozen passwords that I remember and use a few different techniques when I enter them in, so in reality let's say if I have 4 passwords and 4 different entry techniques, that gives me the ability to have 16 passwords that are easy to remember.

Let me illustrate with the password "Android Rules 2007" which in and of itself should be a strong password. You'll also notice that my example password is 18 characters. I remember reading somewhere (a loooong time ago) that passwords over 14 characters were very difficult to crack.

Reverse Case: hit caps lock = aNDROID rULES 2007
Key Shift: slide your hands one key over on the keyboard (probably works best for touch typists), one key right = Smftpf Ti;rd 3--8
Caps Numbers: Hold shift while entering numbers (somewhat difficult in android as the symbols don't align to numbers the same way in all keyboards) = Android Rules @))&
Reverse Entry: type it in backwards = 7002 seluR diordnA

This way you can use passwords that are simple for you to remember while making them very difficult to hack.

ps: These are some of my simplest techniques and they vary depending on what the site security allows (i.e. length, spaces, special characters, etc.). I haven't even touched on making secure passwords by doing things like putting unprintable characters in the password. ;) :D
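
Added example, not part of the original post: a signup-time blocklist check that undoes the Key Shift, Caps Numbers and Reverse Entry techniques described above (Reverse Case falls out of a case-insensitive comparison), so a transformed entry is matched against the same blocklist as its base phrase. The blocklist contents, the function names and the US QWERTY layout are assumptions.

```python
# Added example (not from the thread). US QWERTY layout is assumed.
ROWS = ["`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./"]  # unshifted keys only
UNSHIFT = dict(zip("!@#$%^&*()", "1234567890"))  # shifted digit -> digit
BLOCKLIST = {"password1", "letmein", "android rules 2007"}  # constructed sample


def shift_keys(text, offset):
    """Move every key `offset` positions along its keyboard row."""
    out = []
    for ch in text:
        row = next((r for r in ROWS if ch.lower() in r), None)
        idx = row.index(ch.lower()) + offset if row else -1
        if row and 0 <= idx < len(row):
            moved = row[idx]
            out.append(moved.upper() if ch.isupper() else moved)
        else:
            out.append(ch)  # space, or a key at the end of its row
    return "".join(out)


def undo_variants(password, depth=2):
    """Return the password plus everything reachable by undoing up to
    `depth` of the entry techniques (Reverse Case is covered by the
    case-insensitive comparison in is_blocklisted)."""
    undo = [
        lambda s: shift_keys(s, -1),                      # Key Shift, one key right
        lambda s: "".join(UNSHIFT.get(c, c) for c in s),  # Caps Numbers
        lambda s: s[::-1],                                # Reverse Entry
    ]
    seen = frontier = {password}
    for _ in range(depth):
        frontier = {f(s) for s in frontier for f in undo} - seen
        seen = seen | frontier
    return seen


def is_blocklisted(password):
    """True if the password, or an undone variant, is on the blocklist."""
    return any(v.lower() in BLOCKLIST for v in undo_variants(password))


if __name__ == "__main__":
    for pw in ["aNDROID rULES 2007", "Android Rules @))&", "7002 seluR diordnA"]:
        print(pw, "->", "reject" if is_blocklisted(pw) else "accept")
```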
 
I find it easier to start with "Password1" then go up for each new one you need :rolleyes:

I do that. Except password is an alphanumeric string that I remember.

The only issue is staggered expiry. So I have a post it which lists system v number. I just cross out the number when I increment.

Although being a sys admin at work, I just reset my password to the same via whichever systems admin function.
 
I do that. Except password is an alphanumeric string that I remember.

The only issue is staggered expiry. So I have a post it which lists system v number. I just cross out the number when I increment.

Although being a sys admin at work, I just reset my password to the same via whichever systems admin function.

That is much more secure than my idea... ;) IIRC one of the last times there was a major password hack where they published them, "Password1" or "Password" was one of the most used passwords.
 
that is likely...I can't find the list but it has been a few months I am sure there will be another one soon
 
The reason none of the others before this ever succeeded and the reason this won't work is that what happens when the device doesn't work? If all your accounts and passwords are tied to it you cannot access your bank accounts or others. Also as previously mentioned with theft. The idea, while noble as it is, puts too much dependence on something that is bound to be flawed.
 
I think the whole idea of user names/passwords is flawed to begin with. They're just too easy to steal or guess.
 
I'd prefer to have someone steal my username and password than I would for them to try and get hold of the credentials I need for a retina scan though. Or fingerprint for that matter. I also don't trust NFC based payment methods.
 
The reason none of the others before this ever succeeded and the reason this won't work is that what happens when the device doesn't work? If all your accounts and passwords are tied to it you cannot access your bank accounts or others. Also as previously mentioned with theft. The idea, while noble as it is, puts too much dependence on something that is bound to be flawed.

That's the whole issue with relying on any service (the cloud) for anything, not just passwords. That's why you sync local copies to more than one device.
 
I think the whole idea of user names/passwords is flawed to begin with. They're just too easy to steal or guess.

That's because it's the first and simplest form of authentication. You can have two factor, three factor, four factor (four factor is quite new).

Something the user knows (password) is the first
Something the user has (smart card, rsa token, etc) is the second
Something the user is (fingerprint, biometric) is the third

Fourth factor, Wikipedia says someone you know, CISSP books say somewhere you are. So the somewhere you are can be implemented by a GPS-enabled device which will only allow authentication if you are in a certain location, for example only allow the passcode for the server room to work if you're standing by the server room door.
 
OneID is an entirely new way to easily and securely sign in to websites and pay online. No more remembering multiple usernames, passwords, or filling out forms. You prove your identity to your device and then your device can digitally prove your identity to web sites, enterprise applications, and mobile applications securely using public key cryptography. You only enter your personal information once, when setting up your OneID service account. After that, you can sign in to any OneID-enabled website with a single click and speed through checkout. Forms are filled out with a single click even on a smartphone or tablet. Your personal data and payment information is securely encrypted and never shared with merchants without your express consent. You stay in control of your personal information and benefit from a level of security that far exceeds currently available solutions.

There's more;

OneID

Yeah, no thanks. I'll stick to my local encrypted database. I don't know any of my passwords. Hell, my Facebook password is 100+ characters. All completely randomly generated, and changed every 3 months. =D
 
Speaking from a lot of experience, you're really better off with a very long password that doesn't have a lot of funky symbols, as long as it isn't just a bunch of simple words or a common phrase. Aside from preventing someone from getting your password no matter what it is (phishing, exploits, hacking a database), they're going to use a dictionary attack (gets simple words and common phrases) or variants of a brute force which is going to take much longer for averylongphrasethatispersonaltoyou than *#j78f@4t and will be more secure in most cases.

I love how devices have biometrics now too. I recently showed a friend how to get past that and using nothing but household items and a printer/scanner and pc to create a working copy. :) And ICS's face unlock is ridiculous. It's really very cool and sounds impressive... but unless they can scan in 3 dimensions it's next to useless. You can get in just by pointing it at someone's public Facebook photo. :rolleyes:


OAuth, OpenID, all of those are fairly easy to get around too if you're very determined. A good old password is still the most secure as long as you choose one wisely.
 