Please suggest some authentication systems you know of that are more secure than passwords

I want to start testing them out with some of my projects, and I promise to report back with the success or failure of this experiment, complete with detailed reports.

Thank You
password - something you know and then forget and cracker dictionaries also already know

key (sw or hw) - something you have and then lose, or malware finds the spare copy under the mat, or turns out to be flawed as reported by academic cryptographers or as designed by NSA

OAuth and federated login - one password to rule them all and then make malware devs happy when they phish you

browser "DNA", keystroke analysis, behavioral analysis, pictures of kittens - something you collect and then malware "in the browser" clones and drops on botnet

2 factors - 2 somethings that keep IT admins and vendors employed and then users log in to Facebook and circumvent corporate systems using more user friendly services

smartphone - something that you have and then gets malware or lost or stolen or hacked via bluetooth

everything the end user could possibly do *conveniently* is simply projecting an illusion of security

anything that is inconvenient will drive away users (there's a reason Amazon has 1-click)

i suggest Facebook or G+ and adding a big lock png next to your FB login button... end users will feel very safe, i assure you

if you get traction - then hire/partner with very skilled developers who know how to write (or better reuse) high quality, secure code; add a very skilled network and systems security minded ops person to your team for best results

if no traction - well, then... ummm...

YMMV
Great question. Not sure if you've heard of what Mozilla's been trying to do with Persona (http://www.mozilla.org/en-US/persona/). Also, I can't recall the name but I remember a popular (Kickstarter?) project that wants to use your phone to verify your information.
I'd really be interested to know if simply saying passphrase/pass-sentence/etc instead of password would encourage more complex 'passwords'. Saying password in my mind gives the user the impression that they can only use a singular word instead of a phrase or sentence.
I think that eventually passwords will be obsoleted by crypto keys that work largely in the background. You won't even think about authentication. Security conscious users will have a master passphrase or two which they will know by heart.