At last, the end of ruddy passwords

Which makes everything as secure (or not) as your mobile phone.


perhaps 2FA should be rebranded SFA (sweet FA) :slightly_smiling_face:


I love my mobile phone :heart_eyes: It can even do face recognition with my mask on (well, top of face recognition).

hummm in true parliamentary fashion…
"The ayes have it, the ayes have it… UNLOCK :crazy_face:


How does it do with someone else’s face behind your mask?

By the way, if you set up face/fingerprint recognition you can be compelled by law enforcement to provide your face or finger to unlock your device, they cannot compel you to reveal a PIN (well, they can get a court order, of which you would be in breech if you refused, along with any penalty for failing to provide a cryptographic key - but they still can’t actually compel you to cough up).

is that the same in France or just the UK?

UK and US I believe, not sure about France specifically.

1 Like

Haven’t tried that :mask: The fingerprint thing is great though, I can log on to my wife’s laptop and vice versa without having to remember passwords. The HSBC apps on my phone (UK and France) both use face recognition - instantly. It’s good stuff :slightly_smiling_face:

I’ve come across Google Authenticator, which pops up on the phone and gives you a code to enter to complete a login (once you have already entered email address and password!). Belt and braces I guess!

I used Authenticator very happily but with a constant nagging worry about losing my phone.

On a recommendation, and after research, I changed to Authy. I can now have the same authenticator app on more than one device.

1 Like

Good point Porridge. I hadn’t thought of that. Also, I researched further and found a comment about the malware, Cerberus. On Android it hijacks accessibility settings to steal 2FA authentication codes directly from Google Authenticator. I have an iPhone, but next I’ll take a look at Authy…

With the FIDO implementation by MS, Apple and Google the authentication across Windows, Android and the Apple OSs should be common and robust. They’ll just provide APIs for third party apps on all three platforms. It’s also planned that all your keys will live in the cloud (which I guess in my case would be iCloud) and if you loose your phone they would be automatically download to your new one when you log in.

Especially when I read this:

Seems a pretty convoluted vulnerability to me, but I’m very happy that researchers such as these do push the limits, they help keep us all safe.

Up to a point, Lord Copper.

I’m doing refurb. There are numerous ways in which ones dab becomes unrecognisable to the dab reader. I’m not just talking it being covered in paint. Being slightly roughed up by handling sandpaper is enough.

Interestingly, a refusal by Android [if such it be] to let me in on the dab and making me enter my pin, is then confounded by both Lloyds Bank and Credit Mute opening up on the dab.

I do wonder how I will get on when the pad of my left index finger gets all gnarly from playing guitar. I s’pose I will have to use another [right hand] finger for my dab.

Well, with dodgy dabs you’ll be no worse off than before, you can use passwords I’d guess. :slightly_smiling_face:

I wonder if one can use the tip of their nose instead?

I think I’m a lost cause… no fingerprints and no modern portable phone… aaargh. :roll_eyes: :wink:

1 Like

Hopefully if you don’t have fingerprints you at least have a face :see_no_evil::rofl:

I’m at my best, wearing a mask… :wink: :roll_eyes:

1 Like