I was just going to say the same. The intel.com page does not have pricing information and just states that it's free for up to 15 passwords, whereas the True Key site [1] provides pricing information ($19.99 a year for unlimited passwords) and also has links to the mobile apps.
Although not this particular face recognition. I managed to fool face recognition passwords in the past with a simple photograph of the person. As you would expect it works perfectly fine.
This is part of the reason Windows Hello won't use standard webcams for facial recognition. They require a depth camera (very unusual feature on laptops, usually marketed as Intel Real Sense) so that a simple photograph isn't enough to fool the camera.
This is still far from perfect though; a truly determined bad actor could create a passable 3D model, or even a face mask, and probably still fool the sensor. It just takes more work. The whole point of passwords is that no one can know them but the person intending to use them. Using a publicly visible part of my body is just asking for trouble.
True Key makes use of the Intel Management Engine (IME). It gives a hint at what Intel is up to with the IME. One of the intended uses is "identity protection", storing secrets like e.g. biometric data in the realm of the IME, and to ultimately get rid of passwords.
Considering the security concerns regarding the IME, I doubt that it is a good idea to hand your passwords over to Intel (ME). At least I don't want to support this technology by using apps that utilize the IME.
To read up on the IME there is a free book by one of the developers on it...
The thing is that Apple actually has a pretty good track record for security and not violating the privacy or integrity of customers' products. I have a lot more trust in Apple doing this correctly. I'd be fine with Intel taking on secure computing, but there's been some pretty bad stuff with the IME (like sending data to the internet outside of user control when using intel NICs), so I'm skeptical of this approach (especially when they're talking about facial recognition as a security measure).
> but there's been some pretty bad stuff with the IME (like sending data to the internet outside of user control when using intel NICs)
That's also a typical concern about baseband processors - and Apple has a baseband processor integrated into their iPhones and iPads. OK, there is a difference: While for ethernet ports (and with a little bit more effor WiFi connections) you can at least theoretically analyze whether there is dubious traffic, this is nearly impossible for connections over mobile networks.
That's sort of the FCC's fault; it's very hard to get a high-bandwidth device certified under FCC regs (e.g. part 15) if it doesn't have a locked-down processor that controls radio functionality. See this article about the FCC intentionally/unintentionally locking down Wifi routers due to licensing requirements: https://www.wired.com/2016/03/way-go-fcc-now-manufacturers-l...
I'm sure if it were up to apple they'd be putting high-level radio functionality in the main CPU. It's cheaper that way, and matches with Apple's security/privacy-oriented marketing.
The IME is basically a second computer inside your computer, running as the most privileged component on the platform. It has privileged access to all components of the system, and runs as long as the computer is plugged in or has battery (even if it the computer is switched off). It is under the control of Intel, they decide what the IME does, and it can use the NIC as it pleases, unnoticeable for the host system. It can not be disabled, switched off or removed. The rootkit researcher Rutkowska described it as "an ideal rootkiting infrastructure".
Even if I would not consider "... considered harmful" essays as screamers for attention, I would still take detraction about ME with a grain of salt, because:
* it's easy to counteract, just not use an Intel NIC
* it gets a lot of scrutinity
* Intel is quite open about what it does, short of releasing signing keys for the firmware
* the mobile platforms have similar secure enclaves (think baseband processors on phones), which nobody actually audits
All of these make me think Rutkowska found out that bashing x86 gets her attention, and now she uses it as a beating horse.
We need a "Rutkowska Hand-Waving Considered Harmful".
This paper is a bunch of insinuation. It goes into great dramatic length to describe how Intel ME is more evil than AMT/vPro, which runs in the same service processor context, but then selectively uses the features of AMT and attributes them to ME. If we were talking about servers, this paper would be talking about how the service processors on HP servers could be used to build a "bad iLO" that phoned home or allowed unauthorized parties to access.
Intel devices aren't "phoning home". These claims require evidence... I don't see a network capture. Activated AMT implementations will phone back to your home, and allow things like remote control, remote bricking, or remote repair of management software.
Saying that ME is "an ideal rootkiting infrastructure" is a statement without a lot of meaning. You could make the same statement about Windows, Linux or any number of components in a modern computer.
Who is this mythical fellow who's not going to give up his password in such a situation anyway? No one's going to protect their accounts at the cost of their finger. Certainly not me.
I mean, I agree with not using fingerprints as passwords but not because I want to protect myself from the fingermen.
I think you have missed the point. In poorer areas of the world where life is cheaper than cheap, I'm not going to bother negotiating with you, so that you to come to the ATM with me because I need you to place your finger on the scanner. I'm just going to take my machete and remove your whole hand and leave you to bleed out in the dirt.
Placing any security value on human body parts is a stupid idea, whether as a password or as a automated proof of identity.
I mean that it doesn't matter. If I had a password, you're not suddenly going to leave me alone. You're probably going to extract it from me and then kill me anyway.
I think it's quite clear we shouldn't use biometrics as passwords but I don't think this is a strong argument.
We at startup xyz take security seriously. We regret to inform you that on the night of 1st December 2016 our database was compromised. The database contained your name, address and fingerprint data.
Please see a plastic surgeon about resetting your fingerprints at as soon as possible.
Genuinely surprised to not see this happen yet. I guess it's a good thing Apple and Google are the ones who typically store Fingerprints and not third party apps.
"The proposed system stores alphanumeric and biometric data (a combination of four fingerprints and the facial image). [...] The System is composed of a central database connected to national entry points."
If/when this comes to be, that database will probably be both well-protected and an incredibly tempting attack target.
Governments have been storing biometric data for decades. I was asking which private company has been doing so - as that is what was being alluded to.
*more to the point, the only way I see a government who stores biometric data being an issue WRT security: the government is after you (in which case they're likely getting what they want anyway), or it's a targeted attack from a foreign government (in which case biometric theft is the least of your concerns).
Thankfully, nobody stores full fingerprints, just derivations (sort of like a hash). And, when those are stored, they are so far always stored in secure hardware elements. The data is never accessible from within the OS, and never uploaded anywhere.
Obviously fingerprints can't be used in that situation, buy think about something like your front door lock. You don't need paranoia-level security (you probably have breakable windows anyway) but you want to stop random people who aren't motivated enough to steal your fingerprint from walking in.
Or think about locking your phone. Most people only want to stop their friends and family - they're not going to copy you fingerprint. Even FBI nearly defeated by TouchID. (You're probably thinking that they could have easily bypassed it, but they only had 48 hours to do so.)
There's a little bit of a difference between breaking a window (noise, glass everywhere), and discretely walking in through your front door and out with your jewellery.
I don't understand the qualifier "in that situation": the user cannot determine what the "situation" may be at some point in the future.
I do use the fingerprint reader on my iPhone, and I believe that the fingerprint data is never sent to another device. Ever.
There are real problems to using the iPhone fingerprint with apps, in that the apps tells me it needs to store an encrypted version of my password on iCloud in order to enable fingerprint unlock. The Bad Guys could get my encrypted password and I might never know.
But I wouldn't have to change my fingerprint in that case.
Comparable to a social security number, but a SSN which you rubber stamp upon literally everything you touch. I make this analogy to illustrate the ridiculousness of both.
I think it's a good comparison, even if it may not seem quite like it yet because we still don't have that many things for which to use our fingerprints.
But soon we will have. All the banks are considering some form of biometric authentication for ATMs, and so on, and this could expand to many other types of services. That means you'll have to scan and store your fingerprint on a range of devices with highly variable security. Eventually your fingerprint will be sold on the black market, just like your SSN is.
There is a market for it because the average Joe and Jane are pretty lazy and would rather touch something to unlock it than having to go through the hassle of typing and remembering (forgetting) a password. They probably don't understand the secrutiy implications of it either.
> Don't use biometrics as a password; use them as a username
Even then people's faces change and through accidents fingerprints can also be changed / removed and then you're shit out of luck. I'm terrified I would store my important shit in something like that then get into a car accident or something and be no longer able to open it.
Implement it like the Xbox Kinect auto-signin where you still have a username but the camera lets the device figure it out on its own. That way people can still manually enter their username in the event of any disfiguring injury or technical glitches but don't have to normally.
You can write down your master password somewhere, or share it with a loved one. This is no different from having backups for important data. You can't easily backup your iris, face, or fingerprints.
Biometrics are in a really weird place as far as security goes.
For the average person who's more concerned about opportunistic theft of a device than a targeted attack I'd argue that biometrics are more secure because you can't have the equivalent of a shitty password. There is no fingerprint equivalent of "1111" as your device PIN. A random pickpocket in the subway doesn't know who you are and thus can't implement any spoofs.
For anyone trying to defend against an attacker specifically targeting them, you're completely right.
You average pick-pocket is not going to lift fingerprints of a phone. He will drop the phone in a plastic bag and fence it to someone who can lift the prints or factory reset it without the prints.
I think post Activation Lock and similar features on smartphone platforms, thieves usually sell stolen devices to those who rip them apart to get to specific parts that they can resell. That will continue until the phone makers figure out how to disable the display, digitizer, battery and other parts that have value even in a "bricked" phone.
You can wipe without a passcode, but if the user turned on Find My iPhone before the phone was wiped, the phone will be a brick until one logs into the associated iCloud account.
What's your point? If a random pick-pocketer steals a phone from me, they don't care about accessing my data. If they wanted to, it's easier with face/fingerprint recognition. Just grab my picture from facebook/twitter/find me by email or phone number, fingerprints are on my phone, batter, sim card, screen... everywhere. It's slightly more expensive than printing my picture from facebook but many times proven, doable. On the other hand... how can you guess my pattern lock or SHITYPassword1111?
If I'm a victim of a targetted attack, better not to have a phone at all.
Fingerprint and face recognition don't have the same threat models. And two differ from password too. For end users, fingerprint makes sense:
- Stealing fingerprint requires access to your fingerprint in the first place. That narrows down the attack surface A LOT.
- Coercing someone to authenticate is possible for password too. Unlike fingerprints passwords can be stolen remotely.
- People tend to use same PIN everywhere. Therefore "can't change your biometric info" isn't that big of a problem. Fingerprints aren't prone to dictionary attack either because there are no "common fingerprints".
Face recognition can be bypassed more easily thanks to a huge database of faces called facebook.
But we shouldn't reject a security solution outright before properly analyzing the threat model. They all can have their legitimate use cases for certain scenarios.
> Stealing fingerprint requires access to your fingerprint in the first place.
This is not as difficult as some might think. We leave them all over our devices for example, but physical access is not even necessary. Jan Krissler managed to get the fingerprint of the German defense minister 2 years ago using only photos of her.
The truth is that we can't trust INTEL. Their CPU micro-code or ME (Management engine) can and does "phone home" to the internet, grab updates and update the CPU. They don't allow the customer to turn this OFF, which betray's the customer who purchased the CPU. Anyone who can sign the update and intercept the download channel can update your CPU with you having no ability to protect yourself. We can't trust intel.
Intel needs to allow 3rd parties to build a small piece of hardware for private key storage, generation, signing and encryption, with self-distruction upon tampering. Then customers need to be able to go to the store, pick which vendor they want, and they plug it into their motherboard. By selling them in the store when the customer can make a surprise purchase, then that prevents tampering upon shipping withe ecommerce deliverables.
What are some good resources to learn more about the phone-home functionality in their microcode? I've been trying to find more details and have been unable to do so.
You've been unable to find that information because no such "functionality" exists. Microcode just patches bugs or configuration details of the CPU; it doesn't "phone home".
That was my initial understanding, but I figured I'd give the parent commenter the benefit of the doubt in case my understanding was flawed.
Some more searching seems to lead back to where I started: the microcode itself isn't phoning home, the only phoning "home" that occurs is the normal process of "when you pull down an update for something, it requires phoning to the repository holding the updates".
By using the word 'standard' you're trying to legitimize something that's fully encrypted, impossible to code-audit and fully under control of Intel, while pretending to be your property and controlled by you.
So yes, it's a standard. I believe there was also a standard on how to tie a noose for hanging a human, but that didn't mean much to the one getting hanged.
Do you think you could fit drivers for all common ethernet/wifi cards in there and proper TCP/IP implementation? It's below assembly abstraction level.
The ME is basically an independent universal computer in its own right, it comes with its own clock, RAM, CPU etc...
It is like a Matryoshka doll sitting inside the Intel CPU of your computer. Therefore, yes, it can contain all of that. For further details see my other two posts.
How else would you implement remote server management that works even when the hardware is shut down (put still connected to power) if not with a seperate CPU that has access to the NIC?
I wouldn't consider "running an update where it pulls new code" to be "phoning home", any more than my car is "phoning home" when I drive it to the dealership for repairs.
The implication the comment I was replying to gave was that the device sent unexpected network traffic back to Intel HQ, with the connotation that it was doing so to leak information about my system.
"Running an update where it pulls new code" is definitely an example of phoning home, and it opens the door to all sorts of vulnerabilities, such as the one featured in the Apple vs the FBI case.
Binary packaging systems download microcode.dat (a text blob containing microcode) from Intel during the build process. Microcode.dat gets converted into an initramfs image that supplies the new microcode early in the system boot. Users download the built binary package, which then modifies the boot parameters of their system.
So normally only the build servers contact Intel. Source-based distributions may. But even then the source files are verified with cryptographic hashes (which are in turn signed by the maintainers' private keys).
Edit: I may have misread your question. I thought you were asking by implication if the microcode blob is pulled after the install. If not, then: No. Updates happen when the package manager decides.
A more subtle way to communicate with the mother ship would be to ship an update that makes the CPU leak some desired information. For example change how some specific cryptographic operation works under certain conditions to make it possible for eavesdropper to break the encryption. Or just make some funny things with memory and make certain information available to be retrieved via web browser when user visits malicious page.
> Anyone who can sign the update and intercept the download channel can update your CPU with you having no ability to protect yourself. We can't trust intel.
Intel's microcode updates are cryptographically signed; the CPU will not accept an update without Intel's signature. The format is not publicly documented, but independent research [1] suggests that it's 2048-bit RSA.
First, it's important to realize that biometric identifiers are not constitutionally protected in the United States under the fifth amendment given current legal precedents:
"A Virginia Circuit Court judge ruled Tuesday that police officers cannot force criminal suspects to divulge cellphone passwords, but they can force them to unlock the phone with a fingerprint scanner."
Second, as others have already noted, you cannot hide or change most biometric identifiers and some people may not even have them at all. Therefore, passwords will always be the safest, most accessible option. However, more education regarding their creation, use, and support needs to occur:
Personally, I like to choose a small token representing the site or service at hand, then surround it with multiple pass phrases I've memorized over the years. This creates a strong password which is both unique and easy to remember. Not to mention when a site I use is inevitably hacked and my hash is stolen, I only need to update a single instance of this pattern--not reevaluate my entire system.
And in honor of the sacred McAfee traditions, Intel Security True Key is bundled by default within the Flash installer; once you've downladed the default installer, you can't even opt out of it. You need to pay attention and unchecked the bundleware before downloading it. Sneaky!
Also worth saying is that if True Key is installed via Flash Mcafee bundle you can't actually uninstall it, you have to manually remove the service and delete the files/reg keys.
After reading all the comments there is not one person who is in support for the biometrics as a secure method but I see people being okay with biometric on iPhones by saying apples security better.
112 comments
[ 3.9 ms ] story [ 181 ms ] threadClick on "sprache" at the bottom and select English, or just change the URL to /en in the location bar.
Awesome.
[1]: https://www.truekey.com/
It's an interesting take on a password manager though, I do like the second factor through an additional device before it grants access.
This is still far from perfect though; a truly determined bad actor could create a passable 3D model, or even a face mask, and probably still fool the sensor. It just takes more work. The whole point of passwords is that no one can know them but the person intending to use them. Using a publicly visible part of my body is just asking for trouble.
Hmm... I'd take 4096-bit GPG over this any day. I rather like using pass[0]
[0]https://www.passwordstore.org/
Considering the security concerns regarding the IME, I doubt that it is a good idea to hand your passwords over to Intel (ME). At least I don't want to support this technology by using apps that utilize the IME.
To read up on the IME there is a free book by one of the developers on it...
http://link.springer.com/book/10.1007%2F978-1-4302-6572-6
Inside is an entire chapter on Intel's identity protection.
That's also a typical concern about baseband processors - and Apple has a baseband processor integrated into their iPhones and iPads. OK, there is a difference: While for ethernet ports (and with a little bit more effor WiFi connections) you can at least theoretically analyze whether there is dubious traffic, this is nearly impossible for connections over mobile networks.
I'm sure if it were up to apple they'd be putting high-level radio functionality in the main CPU. It's cheaper that way, and matches with Apple's security/privacy-oriented marketing.
Intel x86 considered harmful by Joanna Rutkowska
https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf
The IME is basically a second computer inside your computer, running as the most privileged component on the platform. It has privileged access to all components of the system, and runs as long as the computer is plugged in or has battery (even if it the computer is switched off). It is under the control of Intel, they decide what the IME does, and it can use the NIC as it pleases, unnoticeable for the host system. It can not be disabled, switched off or removed. The rootkit researcher Rutkowska described it as "an ideal rootkiting infrastructure".
* it's easy to counteract, just not use an Intel NIC * it gets a lot of scrutinity * Intel is quite open about what it does, short of releasing signing keys for the firmware * the mobile platforms have similar secure enclaves (think baseband processors on phones), which nobody actually audits
All of these make me think Rutkowska found out that bashing x86 gets her attention, and now she uses it as a beating horse.
This paper is a bunch of insinuation. It goes into great dramatic length to describe how Intel ME is more evil than AMT/vPro, which runs in the same service processor context, but then selectively uses the features of AMT and attributes them to ME. If we were talking about servers, this paper would be talking about how the service processors on HP servers could be used to build a "bad iLO" that phoned home or allowed unauthorized parties to access.
Intel devices aren't "phoning home". These claims require evidence... I don't see a network capture. Activated AMT implementations will phone back to your home, and allow things like remote control, remote bricking, or remote repair of management software.
Saying that ME is "an ideal rootkiting infrastructure" is a statement without a lot of meaning. You could make the same statement about Windows, Linux or any number of components in a modern computer.
Your fingerprint like your face can be the username, but never the password.
Your fingerprint is exactly like your username: you cannot change it and you always leave it in public.
Security isn't black and white.
Provided you have them, medical amputations of limbs is a thing that happens.
Seriously, use your eye or fingerprint as a password and there is someone ruthless enough to remove them from your body.
I mean, I agree with not using fingerprints as passwords but not because I want to protect myself from the fingermen.
Placing any security value on human body parts is a stupid idea, whether as a password or as a automated proof of identity.
I think it's quite clear we shouldn't use biometrics as passwords but I don't think this is a strong argument.
We at startup xyz take security seriously. We regret to inform you that on the night of 1st December 2016 our database was compromised. The database contained your name, address and fingerprint data.
Please see a plastic surgeon about resetting your fingerprints at as soon as possible.
Thank you, Startup Xyz
"The proposed system stores alphanumeric and biometric data (a combination of four fingerprints and the facial image). [...] The System is composed of a central database connected to national entry points."
If/when this comes to be, that database will probably be both well-protected and an incredibly tempting attack target.
*more to the point, the only way I see a government who stores biometric data being an issue WRT security: the government is after you (in which case they're likely getting what they want anyway), or it's a targeted attack from a foreign government (in which case biometric theft is the least of your concerns).
Or think about locking your phone. Most people only want to stop their friends and family - they're not going to copy you fingerprint. Even FBI nearly defeated by TouchID. (You're probably thinking that they could have easily bypassed it, but they only had 48 hours to do so.)
I do use the fingerprint reader on my iPhone, and I believe that the fingerprint data is never sent to another device. Ever.
There are real problems to using the iPhone fingerprint with apps, in that the apps tells me it needs to store an encrypted version of my password on iCloud in order to enable fingerprint unlock. The Bad Guys could get my encrypted password and I might never know.
But I wouldn't have to change my fingerprint in that case.
But soon we will have. All the banks are considering some form of biometric authentication for ATMs, and so on, and this could expand to many other types of services. That means you'll have to scan and store your fingerprint on a range of devices with highly variable security. Eventually your fingerprint will be sold on the black market, just like your SSN is.
First I've heard of this. Is this a regional thing or a global trend? Got any sources?
There is a market for it because the average Joe and Jane are pretty lazy and would rather touch something to unlock it than having to go through the hassle of typing and remembering (forgetting) a password. They probably don't understand the secrutiy implications of it either.
+ As fdik said above, you can't change your fingerprint or face easily, and it's always public
+ Face recognition and fingerprint scanning are not robust against spoofing — there are known ways to circumvent both
+ You can be compelled to authenticate a biometric without a warrant
Don't use biometrics as a password; use them as a username.
Even then people's faces change and through accidents fingerprints can also be changed / removed and then you're shit out of luck. I'm terrified I would store my important shit in something like that then get into a car accident or something and be no longer able to open it.
What if you get into a car accident and no longer remember the master password to your hardware password safe?
What if you remember it but lost your arms and are no longer able to type?
The car accident scenario is not very useful.
For the average person who's more concerned about opportunistic theft of a device than a targeted attack I'd argue that biometrics are more secure because you can't have the equivalent of a shitty password. There is no fingerprint equivalent of "1111" as your device PIN. A random pickpocket in the subway doesn't know who you are and thus can't implement any spoofs.
For anyone trying to defend against an attacker specifically targeting them, you're completely right.
It's like if you wrapped your laptop in a decorative cover of your password written everywhere.
Similarly, if facial recognition becomes the standard, thieves will just take a snap when they rob you.
Including very likely the fingerprint scanner itself.
If I'm a victim of a targetted attack, better not to have a phone at all.
https://technet.microsoft.com/en-us/library/cc512578.aspx
- Stealing fingerprint requires access to your fingerprint in the first place. That narrows down the attack surface A LOT. - Coercing someone to authenticate is possible for password too. Unlike fingerprints passwords can be stolen remotely. - People tend to use same PIN everywhere. Therefore "can't change your biometric info" isn't that big of a problem. Fingerprints aren't prone to dictionary attack either because there are no "common fingerprints".
Face recognition can be bypassed more easily thanks to a huge database of faces called facebook.
But we shouldn't reject a security solution outright before properly analyzing the threat model. They all can have their legitimate use cases for certain scenarios.
This is not as difficult as some might think. We leave them all over our devices for example, but physical access is not even necessary. Jan Krissler managed to get the fingerprint of the German defense minister 2 years ago using only photos of her.
Edit: Face recognition is even easier. Iris scanners are the only sure way to recognize someone.
For now.
Iris scanners for authentication kind of lost their appeal to me after watching Demolition Man.
Intel needs to allow 3rd parties to build a small piece of hardware for private key storage, generation, signing and encryption, with self-distruction upon tampering. Then customers need to be able to go to the store, pick which vendor they want, and they plug it into their motherboard. By selling them in the store when the customer can make a surprise purchase, then that prevents tampering upon shipping withe ecommerce deliverables.
Some more searching seems to lead back to where I started: the microcode itself isn't phoning home, the only phoning "home" that occurs is the normal process of "when you pull down an update for something, it requires phoning to the repository holding the updates".
So yes, it's a standard. I believe there was also a standard on how to tie a noose for hanging a human, but that didn't mean much to the one getting hanged.
It is like a Matryoshka doll sitting inside the Intel CPU of your computer. Therefore, yes, it can contain all of that. For further details see my other two posts.
1. https://en.wikipedia.org/wiki/Intel_Active_Management_Techno...
It has only been six days since it has become possible to neutralize the ME firmware for Sandy Bridge and Ivy Bridge[1].
[1]: https://news.ycombinator.com/item?id=13056997
The implication the comment I was replying to gave was that the device sent unexpected network traffic back to Intel HQ, with the connotation that it was doing so to leak information about my system.
So normally only the build servers contact Intel. Source-based distributions may. But even then the source files are verified with cryptographic hashes (which are in turn signed by the maintainers' private keys).
Edit: I may have misread your question. I thought you were asking by implication if the microcode blob is pulled after the install. If not, then: No. Updates happen when the package manager decides.
https://www.kernel.org/doc/Documentation/x86/early-microcode...
https://gitlab.com/iucode-tool/iucode-tool
https://downloadcenter.intel.com/download/26400/Linux-Proces...
Intel's microcode updates are cryptographically signed; the CPU will not accept an update without Intel's signature. The format is not publicly documented, but independent research [1] suggests that it's 2048-bit RSA.
[1]: http://inertiawar.com/microcode/
"A Virginia Circuit Court judge ruled Tuesday that police officers cannot force criminal suspects to divulge cellphone passwords, but they can force them to unlock the phone with a fingerprint scanner."
Source: http://blogs.wsj.com/digits/2014/10/31/judge-rules-suspect-c...
Second, as others have already noted, you cannot hide or change most biometric identifiers and some people may not even have them at all. Therefore, passwords will always be the safest, most accessible option. However, more education regarding their creation, use, and support needs to occur:
Password Strength: https://xkcd.com/936/
Password Reuse: https://xkcd.com/792/
NIST’s new password rules – what you need to know: https://nakedsecurity.sophos.com/2016/08/18/nists-new-passwo...
Personally, I like to choose a small token representing the site or service at hand, then surround it with multiple pass phrases I've memorized over the years. This creates a strong password which is both unique and easy to remember. Not to mention when a site I use is inevitably hacked and my hash is stolen, I only need to update a single instance of this pattern--not reevaluate my entire system.
Hmmm... Let's Google that.
> Intel Security Group (previously McAfee, Inc. /ˈmækəfiː/[3])
And I'm out of here.
Photos. Not even required to recover the fingerprint from the surface of something. Tell me how secure is that.
[1] https://www.theguardian.com/technology/2014/dec/30/hacker-fa...