{"video_id":"fp_QUIRrErbGc","title":"TQ: Passwords Are Going Extinct","channel":"Techquickie","show":"Techquickie","published_at":"2021-10-06T01:07:00.032Z","duration_s":219,"segments":[{"start_s":0.0,"end_s":6.36,"text":"Honestly, we all suck at passwords, and yeah, maybe you personally use unique, impossible","speaker":null,"is_sponsor":0},{"start_s":6.36,"end_s":11.88,"text":"to guess. 50 character randomized passwords for all your accounts, but unfortunately you'd be","speaker":null,"is_sponsor":0},{"start_s":11.88,"end_s":15.36,"text":"the exception rather than the rule, you special little person you.","speaker":null,"is_sponsor":0},{"start_s":15.36,"end_s":20.08,"text":"According to a 2019 Google study, about a quarter of Americans use some absurdly unsecure","speaker":null,"is_sponsor":0},{"start_s":20.08,"end_s":26.04,"text":"passwords like one, two, three, four, five, six. And according to a different study from the same year, around three quarters of users","speaker":null,"is_sponsor":0},{"start_s":26.04,"end_s":32.2,"text":"in the US and Canada reuse passwords, while around half only change one character when","speaker":null,"is_sponsor":0},{"start_s":32.2,"end_s":38.8,"text":"they're forced to update their passwords. And to be fair, a big part of the reason this happens is that the average person has so","speaker":null,"is_sponsor":0},{"start_s":38.8,"end_s":42.96,"text":"many online accounts now that they can't keep their passwords straight, and many people","speaker":null,"is_sponsor":0},{"start_s":42.96,"end_s":47.32,"text":"aren't even aware that password management software even exists.","speaker":null,"is_sponsor":0},{"start_s":47.32,"end_s":51.36,"text":"Then you have the fact that passwords sometimes aren't even stored on the servers themselves","speaker":null,"is_sponsor":0},{"start_s":51.36,"end_s":57.08,"text":"in a secure manner. All you need is to take one look at the headlines about password dumps to see that.","speaker":null,"is_sponsor":0},{"start_s":57.08,"end_s":61.12,"text":"But do we even need passwords at all?","speaker":null,"is_sponsor":0},{"start_s":61.12,"end_s":64.52,"text":"Even though we're all still used to punching in passwords, people in the computer industry","speaker":null,"is_sponsor":0},{"start_s":64.52,"end_s":67.96,"text":"have been discussing eliminating them for quite a while now.","speaker":null,"is_sponsor":0},{"start_s":67.96,"end_s":72.96,"text":"Back in 2004, Bill Gates himself pointed out that the whole idea of a password was flawed","speaker":null,"is_sponsor":0},{"start_s":72.96,"end_s":76.68,"text":"for situations where a high level of security was needed.","speaker":null,"is_sponsor":0},{"start_s":76.68,"end_s":80.52,"text":"But if this is true, what would we use instead?","speaker":null,"is_sponsor":0},{"start_s":80.52,"end_s":87.16,"text":"Microsoft seems to think they've got it all figured out. If you have a Microsoft account, you could actually go into your settings right now and","speaker":null,"is_sponsor":0},{"start_s":87.16,"end_s":90.36,"text":"choose to convert your account to password lists.","speaker":null,"is_sponsor":0},{"start_s":90.36,"end_s":94.52,"text":"Instead of using a password, you can use the Microsoft Authenticator app to secure your","speaker":null,"is_sponsor":0},{"start_s":94.52,"end_s":99.48,"text":"account. Each time you want to log in, you'll either get a verification code from the app or through","speaker":null,"is_sponsor":0},{"start_s":99.48,"end_s":105.12,"text":"SMS or email, get prompted for a physical security key, or use biometrics like Windows","speaker":null,"is_sponsor":0},{"start_s":105.12,"end_s":111.16,"text":"Hello face scan. The password list isn't just something Microsoft is doing, though it has stolen the headlines","speaker":null,"is_sponsor":0},{"start_s":111.16,"end_s":114.56,"text":"considering it means you can go entirely password lists on Windows.","speaker":null,"is_sponsor":0},{"start_s":114.56,"end_s":118.32,"text":"Many mobile apps have allowed you to log in with a fingerprint after just a first time","speaker":null,"is_sponsor":0},{"start_s":118.32,"end_s":123.56,"text":"setup. And the signs also point to Google moving to a password list model with those one tap","speaker":null,"is_sponsor":0},{"start_s":123.56,"end_s":128.52,"text":"authentication prompts that show up on your phone, possibly being the way of the future.","speaker":null,"is_sponsor":0},{"start_s":128.52,"end_s":133.04,"text":"In fact, Google builds security keys directly into Android phones themselves in order to","speaker":null,"is_sponsor":0},{"start_s":133.04,"end_s":136.88,"text":"verify that it's actually you trying to get into your own account.","speaker":null,"is_sponsor":0},{"start_s":136.88,"end_s":140.64,"text":"Of course, even though none of this will sound super novel to anyone who's ever used","speaker":null,"is_sponsor":0},{"start_s":140.64,"end_s":145.8,"text":"two factor authentication, as all of you should be, we probably still have a ways to go before","speaker":null,"is_sponsor":0},{"start_s":145.8,"end_s":152.2,"text":"passwords really become a thing of the past. While large firms like Google and Microsoft will probably lead the way in implementing","speaker":null,"is_sponsor":0},{"start_s":152.2,"end_s":158.04,"text":"it, it won't be trivial for smaller organizations to switch all of their infrastructure over","speaker":null,"is_sponsor":0},{"start_s":158.04,"end_s":162.88,"text":"to password lists, especially as users often have to log into multiple services that might","speaker":null,"is_sponsor":0},{"start_s":162.88,"end_s":169.72,"text":"not automatically play nice with each other. It's for this reason that IT departments might be looking more at a concept called the","speaker":null,"is_sponsor":0},{"start_s":169.72,"end_s":174.72,"text":"Federated Login, which essentially means that one login will get the user into all the services","speaker":null,"is_sponsor":0},{"start_s":174.72,"end_s":180.78,"text":"they need. But this takes work to implement, and this isn't the only barrier to ditching our passwords.","speaker":null,"is_sponsor":0},{"start_s":180.78,"end_s":185.4,"text":"If all of this sounds like two factor authentication with, you know, one less factor, you'd be","speaker":null,"is_sponsor":0},{"start_s":185.4,"end_s":190.4,"text":"right. Although not having a password sounds super convenient, it has the potential to make things","speaker":null,"is_sponsor":0},{"start_s":190.4,"end_s":195.32,"text":"a massive headache if a user loses their phone or their physical access token.","speaker":null,"is_sponsor":0},{"start_s":195.32,"end_s":199.96,"text":"So cybersecurity workers face a challenge in figuring out a practical way to verify","speaker":null,"is_sponsor":0},{"start_s":199.96,"end_s":202.96,"text":"a person's identity if the worst happens.","speaker":null,"is_sponsor":0},{"start_s":202.96,"end_s":212.4,"text":"Personally, I'm a fan of good old fashioned secret handshakes.","speaker":null,"is_sponsor":0},{"start_s":212.4,"end_s":217.0,"text":"So thanks for watching guys. If you liked this video, hit like, hit subscribe, and hit us up in the comment section with","speaker":null,"is_sponsor":0},{"start_s":217.0,"end_s":219.48,"text":"your suggestions for topics that we should cover in the future.","speaker":null,"is_sponsor":0}],"full_text":"Honestly, we all suck at passwords, and yeah, maybe you personally use unique, impossible to guess. 50 character randomized passwords for all your accounts, but unfortunately you'd be the exception rather than the rule, you special little person you. According to a 2019 Google study, about a quarter of Americans use some absurdly unsecure passwords like one, two, three, four, five, six. And according to a different study from the same year, around three quarters of users in the US and Canada reuse passwords, while around half only change one character when they're forced to update their passwords. And to be fair, a big part of the reason this happens is that the average person has so many online accounts now that they can't keep their passwords straight, and many people aren't even aware that password management software even exists. Then you have the fact that passwords sometimes aren't even stored on the servers themselves in a secure manner. All you need is to take one look at the headlines about password dumps to see that. But do we even need passwords at all? Even though we're all still used to punching in passwords, people in the computer industry have been discussing eliminating them for quite a while now. Back in 2004, Bill Gates himself pointed out that the whole idea of a password was flawed for situations where a high level of security was needed. But if this is true, what would we use instead? Microsoft seems to think they've got it all figured out. If you have a Microsoft account, you could actually go into your settings right now and choose to convert your account to password lists. Instead of using a password, you can use the Microsoft Authenticator app to secure your account. Each time you want to log in, you'll either get a verification code from the app or through SMS or email, get prompted for a physical security key, or use biometrics like Windows Hello face scan. The password list isn't just something Microsoft is doing, though it has stolen the headlines considering it means you can go entirely password lists on Windows. Many mobile apps have allowed you to log in with a fingerprint after just a first time setup. And the signs also point to Google moving to a password list model with those one tap authentication prompts that show up on your phone, possibly being the way of the future. In fact, Google builds security keys directly into Android phones themselves in order to verify that it's actually you trying to get into your own account. Of course, even though none of this will sound super novel to anyone who's ever used two factor authentication, as all of you should be, we probably still have a ways to go before passwords really become a thing of the past. While large firms like Google and Microsoft will probably lead the way in implementing it, it won't be trivial for smaller organizations to switch all of their infrastructure over to password lists, especially as users often have to log into multiple services that might not automatically play nice with each other. It's for this reason that IT departments might be looking more at a concept called the Federated Login, which essentially means that one login will get the user into all the services they need. But this takes work to implement, and this isn't the only barrier to ditching our passwords. If all of this sounds like two factor authentication with, you know, one less factor, you'd be right. Although not having a password sounds super convenient, it has the potential to make things a massive headache if a user loses their phone or their physical access token. So cybersecurity workers face a challenge in figuring out a practical way to verify a person's identity if the worst happens. Personally, I'm a fan of good old fashioned secret handshakes. So thanks for watching guys. If you liked this video, hit like, hit subscribe, and hit us up in the comment section with your suggestions for topics that we should cover in the future."}