Stuart Coulson asked:
What is the future of passwords?
Steven - I think it would be great if there was some replacement for passwords because they have so many problems, but so far, all of the solutions that have come out have been problematic in some way or another because you really need to have something that is linked to that person because they want to be able to use the same security credentials regardless of where they're going. So probably, the best way of trying to manage passwords nowadays is to use different passwords for every website and then have some software maybe running on your phone, maybe running on your PC that tries to manage all of those and stop you having to remember them all.
One can, of course, program one's computer to remember many of one's passwords, but I think that is a major security risk, so I tend to turn those functions off.
To follow up Clifford's post: Google now have double identification via text message to mobile phone if you wish to enable it for gmail (every 30 days and any new computer). Our banks in the UK now issue number generators - when I log on to my bank I punch a pass code into my number generator and it spits out an 8 digit number which I must put into the bank website to access my accounts - this gets around the key-logger or sniffer problems.
I have one of the small quasi random number machines supplied by Barclays bank but it is a small poorly built device powered by two three volt cells and a great inconvenience, could the same thing not be done by software on the computer. syhprum, Fri, 7th Sep 2012
For use on a set top PC it should be possible to incorperate these devices into a special keyboard which I would purchase if someone would manufcture one you can of course glue the device onto a regular keyboard and power it from the computer but a properly integrated device with a back lit display would be better. syhprum, Tue, 11th Sep 2012
I can see the logic of the argument that the PRNG should be kept seperated from the computer but I wonder if they are all unique as the villains could easily aquire one.
Java smart-card technology (Java card) is something may be relevant here, such systems beat losing your password and are less copyable and require a machine to get the information from(warning - may require a passsword or card), passwords are akin to unique ID's and unique serial number stamps. Great example is CPUID of the central processing unit chips. nicephotog, Sat, 27th Oct 2012