A better alternative for securing our sensitive information online
Top comments (4)
Difficult to take seriously an article built on misconceptions.
A password identifies you: nope, a password doesn't identify you. A username identifies you. A password authenticates you. You need both.
A password is a shared secret: the definition of a shared secret varies just slightly depending on whom you ask. In cryptography it refers to (usually) a key that decrypts communication that is known by two parties involved. As such, it must be accessible as-is to both parties. A password in common usage is not known to both parties, it's known only to you. The party that authenticates you doesn't need the password, they need to infer equality from a cryptographically secure hash (since they have no use for it in order to do anything beyond a match).
I think a password can identify oneself, because at present there are so many passwords to remember, and users tend to make simple passwords that have patterns that are easy to hack.
Yeah, but you don't use just a password to log in. It's the combination of user + password that needs to match.
There are 3 different concepts involved:
identification - know which user you're dealing with. That's the purpose of a username. It identifies you uniquely. Several people might have the same password, so the password alone doesn't do anything. Some platforms can have several conditions for identification (e.g. see AWS, where to log in as an IAM user you need to know the account number + your username).
authentication - for an identified user, verify that they are who they say they are. That's what a password does.
authorization - for an authenticated user, what can they do?
nice
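The three concepts distinguished in the comments above (identification, authentication, authorization), together with the point that the verifier only needs to match a hash, as an added example that is not part of the original thread. The user store, names, passwords and permissions are constructed for illustration, and scrypt is one choice of password hash, not one named in the comments.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Slow, salted hash: the server stores this, never the password itself.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def make_record(password: str, permissions) -> dict:
    salt = os.urandom(16)  # per-user salt, so equal passwords give different hashes
    return {"salt": salt, "hash": _hash(password, salt), "perms": set(permissions)}

# Constructed sample store. Both users chose the same password on purpose:
# the password alone cannot tell them apart, the username does.
USERS = {
    "alice": make_record("correct horse battery staple", {"read", "write"}),
    "bob": make_record("correct horse battery staple", {"read"}),
}

# Record used for unknown usernames so that a failed lookup still costs one hash.
_DUMMY = make_record("dummy", ())

def authenticate(username: str, password: str):
    """Return the username if the username + password pair matches, else None."""
    record = USERS.get(username)            # identification: which user is this?
    candidate = record or _DUMMY
    ok = hmac.compare_digest(               # authentication: constant-time hash match
        _hash(password, candidate["salt"]), candidate["hash"]
    )
    return username if (record is not None and ok) else None

def authorize(username, action: str) -> bool:
    """Authorization: what may an already authenticated user do?"""
    return username is not None and action in USERS[username]["perms"]

if __name__ == "__main__":
    user = authenticate("bob", "correct horse battery staple")
    print(user, authorize(user, "read"), authorize(user, "write"))
```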