PayPal Exec Wants to Obliterate Passwords

Status
Not open for further replies.

aracheb

Distinguished
Nov 21, 2008
132
0
18,630
this look like a cross of interest here, doesn't look like he want to eliminate the password because is creating problem; this look like he want to favor his personal company while pushing paypal and the user to buy his personal company crap.
 

aracheb

Distinguished
Nov 21, 2008
132
0
18,630
this look like a cross of interest here, doesn't look like he want to eliminate the password because is creating problem; this look like he want to favor his personal company while pushing paypal and the user to buy his personal company crap.
 

fudoka711

Honorable
Apr 2, 2012
62
0
10,610
Yes, it could be a conflict of interest (not cross), but he does have a point when he talks about people using dumb passwords and then using the same or similar ones across all their accounts. I don't really know if his mentioned method(s) are the best alternatives for the future, but something should be done.
 

InvalidError

Distinguished
Moderator
Someone steals your computer or mobile device and gains access to all your services if he manages to break the password on it... thanks but no thanks. As much as I hate having to manage passwords, I'll stick with passwords. It gets even worse if the lost/stolen device happened to be your registered account recovery method.
With most sites remembering sessions through cookies for a long time, I simply reset passwords instead of trying to remember what I used when I forget. That's more or less like having sites do secondary authentication over SMS.
Unless the authentication method is something like an RFID implant which makes it nearly impossible to lose or steal, there is no getting away from needing a brain-based verification somewhere along the way.
 

royalcrown

Distinguished
May 31, 2006
83
0
18,590
"There will naturally be a small fee increase to cover the migration to this new system"..we are constantly looking for ways to squeeze more fees, er enhance customer service...blah blah
 

DRosencraft

Distinguished
Aug 26, 2011
96
0
18,590
There is no such thing as a perfectly secure system. The flaw with this idea is that rather than penetrating an individual's password through whatever method, the criminal attacks the system that controls the authentication and verification process. If anything I would imagine this helps such criminals since they can focus on hacking a single point of entry and potentially gain access to thousands of accounts at once, as opposed to an effort at snooping into a number of individual accounts. But I can't say I understand the idea perfectly, so I could be missing something. It just seems to me to be misplaced efforts on security. Focus on keeping hackers out of the existing systems and educating the public on better password use and protection. I don't want to be giving some web-store my fingerprints just so I can buy something from them.
 

Lochal

Honorable
May 13, 2013
1
0
10,510
I think you all missed the point. This isn't about a device signing in for you. This is about you authenticating to a device and that replaces the password. You still have to give some unique identification it just isn't a password. An example would be I want to sign into my bank account online so I have to have my finger print reader read my finger print and send that as authentication to the Bank application. Is it fool proof? No but is better than a password.
 

Steven Travis

Honorable
May 13, 2013
2
0
10,510
Or you could use a password with a token (such as is provided by google authenticator and others) and that is better than any single point security system.
I think Paypal tried the two factor authentication but it just wasn't as seamless as it is with Google and MS.
 

g00fysmiley

Distinguished
Apr 30, 2010
476
0
18,930
Why not do what some mmorpg's do and use option for an authenticator, apps for smarphones and maybe even regular cell phones that have random number sequence generation and keep modifying form there, makes it almsot impossible to hack. winwin, very secure and people alreayd have the hardware... this guy seems to jsut want to make money selling his toys
 

slomo4sho

Distinguished
Oct 30, 2008
65
0
18,580
People still use PayPal even though there are much better options available without the lousy customer service that PayPal known for?
 
Status
Not open for further replies.