Why Nobody is Talking about Eliminiating Passwords Anymore - DTNS WEEKLY TECH UPDATE 06/08/2017
Added 2017-06-08 18:11:58 +0000 UTCThis is the weekly newsletter companion to Daily Tech News Show at http://dailytechnewsshow.com/
You can get this newsletter by backing DTNS for $5 a month or more at http://patreon.com/dtns
This week we wrap up WWDC meaning the season of the developer conferences is finally over. So, after WWDC, Google I/O, Microsoft BUILD and Facebook's F8, I've noticed one thing. We heard almost *nothing* about the battle to eliminate passwords.
CLOSER LOOK - For decades, experts have asserted that authentication systems built on passwords are prone to insecurity and should be replaced with stronger systems. Every week sees a few more database and service attacks that leak user IDs and passwords . So, obviously, companies must be competing to be the one to offer a solution that makes it easier for users to log in and harder for attackers to compromise their accounts, right?
Not so much.
The best you can hope for, is that a company offers two-factor authentication, and even then, the second-factor is often an insecure SMS message. And that's a system still built on passwords.
Of the major developers conferences, only one, Facebook's F8, even touched on the idea. Facebook announced Delegated Account Recovery where companies can use a Facebook account as a backup to get users authenticated if they have lost their passwords. This is a step towards eliminating passwords sure, but it's a step that still relies on passwords for the moment.
WWDC? Nothing. Google I/O? Nothing. Microsoft BUILD? Same.
Why?
The FIDO Alliance, launched in February 2013 is still kicking. It's mission is to bring about an open standard for authentication and reduce reliance on passwords. It counts Alibaba, Bank of America, Google, Microsoft, Yubico and founding member Paypal among its members.
And while it has made some progress, it's not grabbing headlines.
Every company is hammering away on its smart assistants, machine learning advancements and bending over backwards to tell you what they're doing to protect your privacy. But how can they seriously protect your privacy when they're using a widely condemned, faulty and often insecure system to secure your accounts?
I don't pick on any of these companies in particular. They've all tried in one way or another to advance in this arena. Microsoft's RealSense was a move towards biometrics. In 2015 and 2016 Google I/O had big announcements about its research group's Project Abacus, which hoped to eliminate passwords.
Then this year it all fell silent. And this is the worst year for breachers yet, by many accounts.
So why? It is a difficult problem. It has had many false starts that promised a lot and fizzled out. But even so companies should be clamoring to show us whatever progress they have, just as they do for privacy and encryption, rather than falling silent.
Have a theory? Be sure to include it in the comments on Patreon!
NEWS RECAP
Apple started its WWDC keynote by announcing Amazon Prime Video coming to Apple TV and integrating with TV app later this year. Then spent the next two and a half hours talking about new features in iOS 11 including an augmented reality developer kit called ARKit, peer-to-peer payments and an Apple Cash card in iMessage and a redesigned app store, as well as drag and drop and file system management for iPad. There’s also a new 10.5-inch iPad Pro starting at $649. MacBook Pros and iMacs got a spec refresh with Kaby lake processors and a new imac Pro with Xeon processors and Radeon Vega graphics coming in December for $4999. And the HomePod is Apple’s new smart speaker with Siri built in coming in December for $349. http://www.businessinsider.com/everything-apple-announced-at-wwdc-2017-2017-6
According to Bloomberg, Uber told its employees that more than 20 people have been fired after an investigation into sexual harassment claims. TechCrunch reports former Apple marketing executive Bozoma Saint John has taken a job at Uber. No details on what her position would be. Uber has also hired former Harvard associate dean Frances Frei as its first SVP of leadership and strategy. https://www.bloomberg.com/news/articles/2017-06-06/uber-said-to-fire-more-than-20-employees-in-harassment-probe
-- https://techcrunch.com/2017/06/06/bozoma-saint-john/
Recode's sources say Verizon may layoff around 1000 people after the merger of Yahoo and AOL. The jobs account for less than 20% of the combined workforce, and would reduce redundancies in HR, finance, and marketing. Yahoo's shareholders have officially approved the company's sale to Verizon for $4.48 billion. The deal will close on June 13, 2017. https://www.recode.net/2017/6/7/15759274/merger-completed-layoffs-combined-aol-yahoo-could-reach-1000
http://www.businessinsider.com/yahoo-verizon-sale-approved-2017-6?op=1
Google announced Thursday it will add automatic ad blocking to the Chrome browser, targeting "annoying" ads like popups and page takeovers. The ad filter was developed by the Coalition for Better Ads which includes the Interactive Advertising Bureau and the Association of National Advertisers as well as companies like Facebook and Proctor & Gamble. Chrome will let publishers force a choice on people to whitelist a site for ads, pay a small fee for ad removal or not see content. http://adage.com/article/digital/official-google-chrome-ad-blocker/309238/
IBM, Samsung and GlobalFoundries announced the world’s first 5 nanometer silicon chip. It’s the first chip to use horizontal gate-all-around (GAA) transistors, and extreme ultraviolet (EUV) lithography. GAAFETs potentially can make chips as small as 3nm when combined with EUV. 5nm chips could offer a 40% performance boost or 75% drop in power consumption and put up to 30 billion transistors on a 50-square mm chip, up from 20 billion on a 7 nanometer chip. https://arstechnica.com/gadgets/2017/06/ibm-5nm-chip/
Nintendo announced the Switch Online service, will come out in 2018 and cost $3.99 a month, $7.99 for three months or $19.99 per year. Subscribers get multiplayer options and access to classic Nintendo titles that they can play as many times as they want as often as they want. A mobile app will arrive this summer in a limited version that will allow for chat and setting game appointments. https://www.theverge.com/2017/6/1/15727548/nintendo-switch-online-20-dollars-a-year
After attacks in London this weekend, UK Prime Minister Theresa May called for “international agreements that regulate cyberspace to prevent the spread of extremist and terrorism planning.” May has previously supported back doors for domestic encryption. Facebook director of policy Simon Milner said “...we do not allow groups or people that engage in terrorist activity, or posts that express support for terrorism.” https://9to5mac.com/2017/06/05/facebook-hostile-to-terrorists-london-bridge-attack/
Amazon, Reddit, Mozilla, and several other companies are joining together to support an "Internet-wide day of action to save net neutrality" on July 12. Websites will “sound the alarm” about the FCC’s proposal to change ISP classification, by displaying some kind of prominent message, still to be determined. Kickstarter, Etsy, Vimeo, Y Combinator, GitHub, Pantheon, Bittorrent Inc., Shapeways, Nextdoor, Patreon, and Dreamhost are also among those on board. The FCC is taking comments on the docket until August 16. https://www.washingtonpost.com/news/the-switch/wp/2017/06/06/amazon-kickstarter-reddit-and-mozilla-are-staging-a-net-neutrality-online-protest/?utm_term=.39794368218f
HP unveiled updates to its Omen gaming PCs. The Omen X Compact Desktop is HP’s backpack PC designed to be used for VR and now comes with a dock for when it’s not on your back. It has Kaby Lake i7 processor options and Geforce GTX 1080 for the video card. The PC starts at $2499 and the backpack option costs $599.99, both coming in July. The new Omen Desktop starts at $899 including a GeForce GTX 1050 GPU, hot swappable hard drives, and Intel Core i or AMD Ryzen CPUs. The top end configuration costs nearly $3000, with either dual GTX 1080 Ti's or Radeon RX 580 GPUs, on sale June 6th. New Omen laptops come in either 15.6 or 17-inch varieties, equipped with Kaby Lake CPUs, red backlit keyboards, and 4K or 1080p screen with FreeSync or G Sync support. Graphics range from the RX 550 to GTX 1070, available June 28th starting at $999. https://www.theverge.com/circuitbreaker/2017/6/6/15744670/hp-omen-desktop-laptops-gaming-pcs
HP also unveiled the HP Accelerator, an enclosure for a GPU and hard drive, with Thunderbolt 3 and USB C and 3.0 ports, plus a 500W power supply starting at $299. HP also offers preinstalled GPUs up to the GTX 1060 GPU or an AMD RX580 GPU. HP does not guarantee it will work with non-Omen laptops . https://www.theverge.com/circuitbreaker/2017/6/6/15744718/hp-omen-gaming-accessories-announced
Apple plans to put about 400 machines that repair damaged iPhone screens in non-Apple repair stores across 25 countries by the end of the year. Apple said the distribution of the machines often called Horizon Machines could help reduce wait times for repairs at Apple Stores. Apple said "right to repair" legislation was not a factor. One machine had been tested a Miami Best Buy store and the company will add them to stores in Minneapolis and Sunny Vale, California next. http://www.reuters.com/article/us-apple-repair-exclusive-idUSKBN18Y0BF
A launch event for the OnePlus 5 will happen June 20th at 12 PM Eastern with the tagline “focus on what matters.” Streamed at onepl.us/launch. Amazon India has an exclusive to sell the OnePlus5 in that country and listed specs including a Snapdragon 835 processor and 8 GB of RAM. The reference has since been removed. http://www.androidpolice.com/2017/06/06/exclusive-this-is-the-oneplus-5/
-- https://www.androidheadlines.com/2017/06/amazon-india-confirms-8gb-ram-unannounced-oneplus-5.html
Google released an update for its Pixel phones that it says "should address many of the freezing issues that have been reported." The over the air update should roll out in the next few days. https://www.engadget.com/2017/06/06/google-fixes-random-pixel-freezing-with-latest-update/
Comments
All the ideas I've heard to replace passwords actually make it simpler to login not more complex.
Daily Tech News Show
2017-06-09 17:51:05 +0000 UTCTheory about passwords: 2 parts. One is the "good enough" principle. Can login process be better? Yes but for vast majority of people password authentication is good enough, with the replacements not offering enough added value (see keyboards). The other part is "fear of inconvenience". If I am at my sister's place I can use any of her devices to check my email/websites as passwords are pretty much fungible and I don't have to worry about being barricaded out of my sites.
seerpea
2017-06-09 13:45:24 +0000 UTC
