Gates: Passwords passe; Announces new Windows update tool
Eugenia Loli, 2004-11-16, Windows, 43 Comments

Passwords will soon be a thing of the past, replaced by biometric and smart-card technology, Bill Gates reiterated on Tuesday. He also detailed his company's plan for computer management software and announced a long-awaited Windows update tool.

Comments

2004-11-16 9:48 pm
People will start losing hands on a regular basis. Kidnap a person, cut off a thumb, and grab their smart card. You now have complete access to their secure systems. It's easy to do. Of course, in the Middle East if you're caught as a thief you lose your hand. I hope you get to keep it afterwards, or someone can easily be you. I would rather have a three-stage system that included a password/phrase, a biometric reading and a card. Of course, we all know how well Passport worked for Bill Gates as well.

2004-11-16 9:54 pm
Be reasonable. People could also torture you for your password.

2004-11-16 10:02 pm
It is much easier to get your biometric data than to torture you.

2004-11-16 10:09 pm
While peragrin may have gone a little off the mark, there is a point related to what he had to say. That is, one's fingerprint and other biological features generally do not change. On the other hand, passwords can change. The point here is that once somebody gets hold of your fingerprint and finds a way to replicate it, there really isn't a way to 'change' it. Really, what can you do? Call in and report your fingerprint as stolen and be assigned a new one? With a password, at least you can change it.

2004-11-16 10:18 pm
Sun already has products for this.
2004-11-16 10:25 pm
You can't just cut a finger off and use it to access anything; biometrics measures unique parameters of your body, blood, tissues etc., not heavily relying on the fingerprint pattern... Just so's you know! On the other hand, why not just carry on marching into the light and propose implanting biochips if you want to run Windows? That's sooo 2105! Yeah, just as Schwartz suggested. Why not! We all live for our software and stand for protecting our email passwords. But I bet housewives and grandmas won't really object.

2004-11-16 10:48 pm
Biometric security simply cannot work. As someone said, these are factors you cannot change. And one thing all these security freaks don't figure out is that as security gets more intricate and complex, so do the people who try to break through the security. And what's the idea with these people that people's lives revolve around their PC? Why the hell would I want to use my fingerprint to access my email or power on my PC???

2004-11-16 10:49 pm
It's simple security for a person. In theory Gates has a good idea; in practice, theory is usually off a little. While biometrics are okay, they aren't ready for mass deployments. Too many errors. If you use face recognition (a better system by concept than fingerprints) you run into the fact that faces change over time. Instead of trying to figure out the next big security step, why not start by building better software? Even Linux isn't the end-all of secure software. Let's perfect software so that obvious security holes (ActiveX, buffer overflows, etc.) aren't allowed. Let's get them deployed and in use. Let's work on cutting down worms & viruses. Let's work on stopping spam through open relays. There are much better things that can be done with MSFT's billions. Why waste it like they have been? Very few good ideas start in Redmond. The good ideas in software start everywhere.

2004-11-16 11:17 pm
Indeed, Sun has provided SmartCard-based authentication for quite some time. Anyone who has used a SunRay network has seen how incredibly cool this is... insert your SmartCard/JavaCard and there's your session... pull it out and it's gone. Move to any other SunRay on the network, put it in and there's your session again.

2004-11-16 11:20 pm
"People will start losing hands on a regular basis."
A lot of people go over the top with these sorts of scenarios and lose sight of the simple fact that the vast bulk of authentication and identification is for people who simply aren't privy to information worth chopping their hand off for. As anyone who has worked anywhere near mainstream support knows, getting people to choose (let alone remember) passwords (let alone even remotely _secure_ passwords) is quite a chore. Allowing people to just put a finger into a scanner, or swipe a card near a reader (like most of them probably do to get into the office in the first place), would make most environments more secure simply by virtue of people not using their name for their password, or keeping it under the keyboard on a post-it note. Certainly, it shouldn't be the sole form of authentication for data or systems needing high-level security (but who is suggesting it should be?), but for the typical business (and even home) desktop it's an _excellent_ solution because it's quick, easy and doesn't rely on the user (thus substantially reducing the size of the biggest security hole in any organisation).

2004-11-16 11:23 pm
People have joked for years about Gill Bates and comparisons to the devil, the anti-christ, etc., and lots of "What if M$..." this and that. But now, with this article, I wonder if M$ and the mark of the beast could really be a thing of the future? What with RFID becoming popular (and probably in the future mandatory) and RFID microchips being implanted and spun via news stories to seem cool and better than other methods of payment.
"Lucifer laughs, looks on and waits" (from a Maiden song)

2004-11-16 11:37 pm
I've heard reports of *some* people being rejected by scanners for no reason: these people tried to secure their houses with modern methods, but even when all the data had been entered into the scanner, it just refused to give access to that person (this was a fingerprint-type scanner). And that happened more than just once... I wonder if it will all boil down to cheapo Chinese keyboard-integrated scanners then, which will only work on Windows, of course...

2004-11-17 12:05 am
Give me 10 minutes, a Zippo lighter and a clothes hanger and I can get your password. There is no such thing as a 100% secure system. But the biometric and smart card technology do seem like they would be more secure than a password. My question is: how would you handle remote logins?

2004-11-17 12:28 am
It's a marketing scam... When you press the pad, you leave a fingerprint on there anyway... so they can just extract that, make a cast of it and press it on the scanner again anyway... If someone steals your smartcard, they can trash any site you have ever used, assuming that the internet runs .NET. Anyone working on a Jabber-based solution yet?? Maybe we should start. It actually wouldn't be hard to code an implementation of one...

2004-11-17 12:51 am
That's the problem swipe scanners are designed to solve: you swipe your finger across the sensor, thus not leaving a liftable mark. Anyway, what happens when the driver for your smartcard reader breaks? All joking aside, I don't really see the issue here. There's no privacy problem with biometric identification so long as the identification isn't given to anyone else, and it's clearly a far superior and *more* secure system than password-based identification for normal use. Of course no-one is advocating that nuclear facilities start relying on nothing but fingerprint identification; that's not what this is about.
2004-11-17 12:53 am
"My question is: how would you handle remote logins?"
Uhm... he's not talking about the whole world: the system will be based on Microsoft's .NET technology. Otherwise you use Kerberos or equivalent, not one authentication but e.g. 'OTP / S/Key or smartcard/biometric authentication' or another, AND / OR. This is nothing new from Mr Gates given there already are alternatives to traditional password authentication: keys (IVL and IRL version), OTP / S/Key, smartcard (support exists for OpenSSH already), human-to-human authentication. Also, don't forget the problem with authentication is not only how to authorize. Another important question: authorize to what? There are far more options than merely a thumb-print. Think about iris-scan, DNA. A thumb-print is easy to get though. Just lend out something which has your prints all over it. Use some magnesium et voila, you've got a thumb-print. I don't think it would be very hard to use that to build a replica. That is, if it doesn't have a built-in body heat / blood pressure detector. About the same is true for DNA. Actually, getting someone's DNA is far easier. A human loses lots of hair on a daily basis (I forgot the exact number). I don't know how advanced iris-scan is these days, but until I understand how secure those scanners are there is no way I'll solely rely on biometric authentication. Problem is, when one understands how this 'facial structure detector' actually works, people can start thinking about a solution against it. At least with a smartcard, you know how it works.

2004-11-17 1:04 am
"That's the problem swipe scanners are designed to solve: you swipe your finger across the sensor, thus not leaving a liftable mark."
Yeah, what do you do when you open your home door? Key | hand to get in. Now guess where the fingerprint is? May I ask you, do you ever use your hands to touch something? Like opening up a Mars after you bought one, dropping an empty cup of coffee in the basket after you drank one at the kiosk, using your mouse or keyboard? How do you think the police authenticate that a suspect was somewhere or did something? Fingerprints, DNA, bystanders who saw a suspect: all forms of authentication. Or, have you been in a building where you had to use a card to get into an area? IOW it's nothing new, really. It's just now being integrated into .NET. It's neither foolproof nor flawless though, and criminals will continue to use these flaws to their advantage. Heck, it happens right now! Here in the Netherlands, criminals looked over the shoulder or hung up cameras near banks at the cash machine to record the PIN code of a customer. Another option for them is to check the fingerprint afterwards. That is, if there weren't cameras hanging from the bank right now.
"There's no privacy problem with biometric identification so long as the identification isn't given to anyone else"
Yes, there is. If someone is able to use your biometric identification as authentication, of which examples are provided here above, the security is compromised. This compromise may or may not harm one's privacy.

2004-11-17 1:20 am
I've always thought that you should require 3 types of identifiers to uniquely identify a person: a biometric (physical), a password (mental), and a physical device (day-to-day life). In effect, no one could steal your identity without physical access to you. In the process of getting all 3 of those things, it would be REALLY difficult without you knowing.

2004-11-17 1:37 am
Interesting that nobody thought of the following scenario: someone tampers with the hardware and/or software of the scanner you use to authenticate yourself to some service. They record the data which flows from the scanner to the routine which verifies it. If they can tamper with the system to record the data, they can replay it in a similar way. Now they can authenticate as you and you have no way to change the "pass-information", as you can't change your fingerprint or your iris.

2004-11-17 2:16 am
Too much emphasis on security nowadays instead of fixing crap software exploits. I think Bill needs to focus on rebuilding Windows from scratch and giving the world something decent for all those billions they have lavished on his monopolistic creation.

2004-11-17 3:00 am
5... 4... 3...

2004-11-17 3:57 am
Even before the SunRay, didn't the JavaStations have them as well? Sun's been touting Java Smart Cards and biometric security for years, and Microsoft has suddenly "got it"?

2004-11-17 4:06 am
You know, most people who use Windows are not particularly worried about being kidnapped by terrorists and having their thumbs cut off. Jeez Louise, get a hold of yourself!

2004-11-17 4:07 am
You would have to have a card reader hooked up to your computer and a piece of software which can make a secure form of communication between the remote computer and the card reader.

2004-11-17 6:35 am
Reading most of the comments above, it's clear that most of you haven't done much work with biometrics. It is far more secure than what is currently being used; you can't cut someone's finger off and use it, you can't take a fingerprint off of a glass and use it. Sheez! I'm not saying it is for everyone or every application, but some of these comments are just plain silly. Extensive use of biometrics would make it VERY difficult to hack into a system, but there will always be the elite hackers who will get in.

2004-11-17 7:54 am
I think you're exaggerating this too much! We all know that Big Brother loves us!

2004-11-17 9:19 am
Why do people feel everything has to "evolve"? Passwords are just fine!!! I had an accident and the fingerprint on my left thumb is not the same. This is a fact. So then what? Bill Gates has to stop this "look at me, I'm thinking about the future" crap and focus on real issues. Windows is full of security holes for a start... Is he going to check the fingerprints of intruding hackers? Or is it just you that will have problems logging into your own system?

2004-11-17 9:38 am
By the way, how stupid is Steve Jobs? Just give us an x86 version of Mac OS X and we will never ever need Windows again.... Does anyone know his email address? Someone needs to tell him this...

2004-11-17 9:47 am
There is simply no way I would trust an employer with biomedical data of any kind, including a fingerprint. Same goes for Microsoft. After a decade of proving they care more about MS profits and corporate sales, I would never, ever trust any personally identifiable information to MS. They have not earned the trust. I don't have a .NET account in my name. I don't register software in my name. And I will never trust their virus and firewall programs because too many MS programs call home with encrypted streams. And I am not a paranoid guy, and have no problem sharing personal info with companies. But Microsoft is simply not one of them. And they have no one to blame but themselves.

2004-11-17 12:06 pm
In theory yes. In practice no. Imagine what will happen when the machines break and stop recognising you. Will you reboot to single-user mode?

2004-11-17 12:37 pm
"I've always thought that you should require 3 types of identifiers to uniquely identify a person: a biometric (physical), a password (mental), and a physical device (day-to-day life). In effect, no one could steal your identity without physical access to you. In the process of getting all 3 of those things, it would be REALLY difficult without you knowing."
It doesn't matter. They can EASILY get into your system via the internet, exploiting one of the 4,000,000 security holes in Windows or whatever. No password, finger or card required. It's not as if Mr. Gates has solved all of that (what with the latest GDI buffer overflow mess). So the biometric stuff is just shit he gives to the press to keep the easily amused, er, amused. Security is as good as the weakest link in the chain. That ain't the password.

2004-11-17 1:39 pm
There is a situation where it is important that someone else gets access to your system. Like if there is some important information on your computer you need, and you call your brother (or whoever is near your computer) to ask if he could fetch it for you. With passwords you can just give it to him, and change it afterwards. With fingerprints it's not even possible. I know these are quite rare situations, but they're mostly very important.

2004-11-17 1:46 pm
"There is a situation where it is important that someone else gets access to your system. Like if there is some important information on your computer you need, and you call your brother (or whoever is near your computer) to ask if he could fetch it for you. With passwords you can just give it to him, and change it afterwards. With fingerprints it's not even possible. I know these are quite rare situations, but they're mostly very important."
Right on! There are tons of issues like these. Or you damage your thumb, etc. etc. Biometric access is a silly idea from people who watch too much bad science fiction. Some agencies use it, but it is NOT F****N SUITABLE for everyday use by normal people, and nor do we want to have it! Plus, you can always snatch the hard disk and install it in another system. If we were talking about a completely secure system, with crypto all over, no remote and local exploits etc., biometrics could have been a valid next step (for SOME people and SOME uses). Now it's just a silly gimmick.

2004-11-17 2:08 pm
"Why do people feel everything has to 'evolve'? Passwords are just fine!!!"
No, they suck. They're hard to generate and hard to remember.
"I had an accident and the fingerprint on my left thumb is not the same. This is a fact. So then what?"
So you get a new print entered into the database, just like when you forget your password and have to get it reset.
"Windows is full of security holes for a start..."
Such as?

2004-11-17 4:39 pm
Exactly, everything has tradeoffs, but if we combine authentication methods, things get much safer. For most things I'd say a password/bio combination would be sufficient. But for those 'special' accounts like bank machines... you'd probably want that added security of a key.

Password
  Pros: stored mentally; can change; can have multiple passwords for different levels of security.
  Cons: hard to create unique ones; hard to remember multiple passwords.

Biometrics
  Pros: no need to remember anything; you (the person) are the key.
  Cons: cannot change; the same 'authentication' information is used to enter your bank account as a newsgroup forum.

Physical device (key)
  Pros: no need to remember anything; possible to have multiple keys for multiple accounts.
  Cons: you need to have the key with you; someone can steal/copy your key.

2004-11-17 6:47 pm
If they're remotely well-designed systems, they'll fall back to another form of authentication. Or you'll just boot the things off a CD and fix it.

2004-11-17 7:25 pm
"Passwords are just fine!!!"
"No, they suck. They're hard to generate and hard to remember."
(Hah, that's one of the worst arguments against passwords I ever heard.) Only for people with little creativity... the trick is that you come up with a password which is logical to you, but is not vulnerable to dictionary attacks and is as invulnerable to brute force as possible (hence as many random characters and as long as possible, at least as much as is being used). Because of the logic you understand which others don't, it is hard to understand and thus not guessable. With a little creativity, one can come up with such a password. An example: explain to me how ~i7d&l/* is logical to you, while it's a good password (though in a NIS environment, it's only 8 characters long).

2004-11-17 10:18 pm
Hmm. I don't know why I always think of ketchup when I see Gates mentioned. These are features that should have long been available from those just now considering them and who have been around for a long time (i.e., Microsoft). They're already on the feature list of my OS:
  Retina Scan & Identification w/ password protection capability
  Fingerprint Scan & Identification w/ password protection capability
  Voice Printing & Recognition w/ password protection capability (also useful outside of Security)
  Face Recognition w/ password protection capability
I don't see passwords going away, however.
--EyeAm http://s87767106.onlinehome.us

2004-11-18 3:09 am
"(Hah, that's one of the worst arguments against passwords I ever heard.)"
Nevertheless, it's the primary reason the typical password is so insecure.
"Only for people with little creativity... the trick is that you come up with a password which is logical to you, but is not vulnerable to dictionary attacks and is as invulnerable to brute force as possible (hence as many random characters and as long as possible, at least as much as is being used)."
Which is *extremely difficult* for most people to do. If passwords were as easy to generate and remember as you seem to think, then examples like the one you gave would be the typical password and they'd never be written on post-it notes stuck under the keyboard. However, they are not: the vast bulk of them are things like the person's name, "password", their birthday, favourite football team, etc. I repeat, passwords suck because, for the typical person, they are hard to generate and hard to remember.

2004-11-18 9:51 am
In reply to drsmithy: "Windows is full of security holes for a start... Such as?" What do you mean "Such as"? Are you joking? Check this out for a start... http://www.greymagic.com/security/news/
"I repeat, passwords suck because, for the typical person, they are hard to generate and hard to remember." Maybe you should see a doctor...

2004-11-18 1:58 pm
drsmithy: "I repeat, passwords suck because, for the typical person, they are hard to generate and hard to remember."
Max: "Maybe you should see a doctor..."
Actually, drsmithy is correct about this. Quite a few people (not sure what the percentage is) either have trouble remembering passwords or making them. (Note: I don't have a lot of trouble myself. I create and remember multiple passwords with characters, numbers, and symbols fairly easily.) For these people, biometrics and/or smart-cards may be the answer.

2004-11-20 6:58 pm
"Nevertheless, it's the primary reason the typical password is so insecure."
Popularity is not an argument for one or another. Windows doesn't include PAM, for example...
"Which is *extremely difficult* for most people to do."
So you help them (see for example here above). It's a matter of policy.
"If passwords were as easy to generate and remember as you seem to think"
It's not 'seem to think', it's a matter of policy and a little bit of creativity to create something which is truly your personal creation and thus not easily guessable (in theory every password is 'guessable').
"then examples like the one you gave would be the typical password and they'd never be written on post-it notes stuck under the keyboard. However, they are not: the vast bulk of them are things like the person's name, 'password', their birthday, favourite football team, etc."
Which is the result of the stupid majority. However, PAM modules could help them. I'm referring to e.g. the crack module here.

2004-11-21 8:34 am
"Popularity is not an argument for one or another."
I never said it was. I'm just pointing out why the typical password is so insecure.
"Windows doesn't include PAM, for example..."
Why would it?
"So you help them (see for example here above). It's a matter of policy."
A policy that results in passwords written down on paper under keyboards, or kept in people's wallets, or an overworked helpdesk who has to keep resetting them. I suppose you think requiring users to change their passwords every 30 days is a good idea as well?
"It's not 'seem to think', it's a matter of policy and a [...]"
No amount of policy in the world changes the fact that most people find secure passwords difficult to generate and difficult to remember.
"[...] little bit of creativity to create something which is truly your personal creation and thus not easily guessable (in theory every password is 'guessable')."
Bollocks. Not in any practical sense, at any rate.
"Which is the result of the stupid majority. However, PAM modules could help them. I'm referring to e.g. the crack module here."
It won't help them. It will just frustrate them and result in the problems I've already tried to explain twice.