this post was submitted on 09 Jul 2024
1418 points (98.6% liked)

Programmer Humor

19434 readers
188 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 3 months ago (1 children)

I do understand the point that the biometrics are replacing very short pins usually, oftentimes 4 digits only but I dont quite see how that makes the passcodes worse than the biometrics.

I'd say even a 6 digit passcode with a randomized number pad, alongside an emergency wipe pin, would do better than biometrics, which also need to have a passcode setup as backup anyhow.

Maybe you could play out a few scenarios that illustrate your point?

[–] [email protected] 1 points 3 months ago (1 children)

Why exactly do you think biometrics are so terrible? Is it because you could theoretically access someone's computer when they are sleeping or something?

As far as I'm aware that is not the consensus in the industry. I even need biometric (in combination with a card and a pin) to enter a specific datacenter.

I do think that bringing up specialised and uncommon hardware like randomised number pads is out of scope. Are you talking about highly sensitive and restricted systems? I'm talking about normal user computers.

[–] [email protected] 1 points 3 months ago (1 children)

Randomized keypads are for touchscreens, although like you said sort of not common for desktop workstations.

Just comparing a password to biometrics though on say a laptop or desktop, there is the major drawnback that you can be forced either knowingly or unknowingly to put in a biometric to unlock a device. It would be easier to circumvent then a standard password (at my company and the clients we work with, 16 characters is standard) with an encrypted hard drive.

This is all deduction ive made from other things I know to be true though, if you happen to know of a resource that explains both methods of securing g a workstation and the risks associated, I'd love to read it.

I also do agree overall that password less makes the most sense now, as people are never going to get better at making secure passwords and remembering them.

[–] [email protected] 1 points 3 months ago

We use 16 characters as well, but a huge problem with pretty much any method is that a wrench can defeat them all.