Add to Watchlist

Taking the pain out of passwords and authentication

12 views

Citation of segment
Embed Code
Purchasing a DVD Cite video

Formal Metadata

Title Taking the pain out of passwords and authentication
Title of Series EuroPython 2015
Part Number 149
Number of Parts 173
Author Willmer, Alex
License CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.
DOI 10.5446/20067
Publisher EuroPython
Release Date 2015
Language English
Production Place Bilbao, Euskadi, Spain

Content Metadata

Subject Area Computer Science
Abstract Alex Willmer - Taking the pain out of passwords and authentication Passwords are a pain for us all - programmers, users and admins alike. How can we reduce that pain, or eliminate it entirely? This talk will - Review research into techniques that improve the usability of password systems, and mitigate shortcomings - Introduce the new standards Universal Authentication Framework (UAF) & Universal Second Factor (U2F) - Describe how they streamline authentication, even eliminate passwords entirely - Show how to integrate UAF/U2F in Django and other Python frameworks - Summarize the state of support for UAF & U2F in browsers, devices, and the wider world
Keywords EuroPython Conference
EP 2015
EuroPython 2015
Series
Annotations
Transcript
Loading...
without loss hello everybody my name is Alex
and I'm addicted possible it's welcoming yourself thank you it's been beamforming since my last that last login my addiction started in 1996 Sesame into my new free so that can 1
possibly content tend get a hundred I since lost count some days I go go through thousands of bits of entropy in a single session with your help I hope that I can get it get through this problem so I won't dwell on
this we all know the Woodstock everybody myself included and I'm certain a lot of you chooses 1 2 3 4 5 6 the same parts what I use my luggage we're use them we write them down which share them and we get inevitably fish and we still forget the the bloody thing equally from the point of view from of the server passwords are a pain in the ass the complexity rules just keep getting more Kafkaesque as we progress there is such a thing as a lower case number and I'm not sure it's possible to get 3 unique symbols that have to be somewhere some password requirements wanted to do so and equation is 2 weeks if anybody was and don't worry your password is stored securely
it's getting worse the breeding like cockroaches I'm sure there is somebody in this room that has a password database upward of 500 or a thousand possible strong passwords adjust to complex for the human brain to remember usable passwords adjust to work too weak to be of any use and animals lost progressing the is rising to top it all off and we've now got games consoles phones that understand all manner of crazy Internet of Things devices asking for your password and yes you still do need to have 3 symbols mixed case and the digits I'm part of a fine tradition today predicting the death of the password Bill Gates predicted 2004 IBM in 2011 wired magazine predicted the death of a password in 2012 so he googling 2013 WallStreetJournal in 2014 I'm sure that there is somebody in 19 seventies predicting the death of the password taking and this liberty but I think even Winston Churchill understood where we're coming from the problem is not the passwords of bad the problem is that
passwords on the least worst option they all the least common denominator their work all kind of work everywhere when we compared to the alternatives federated login people know what they are but the fragmented was it you all Google account was Facebook account was your Twitter account was get how the count was it you all and Mozilla Open ID account is it's hard to remember and passwords of 3 to implement and deploy the command box with Django and various other site web frameworks and federated login is it requires a slightly more effort but but it it leaks tracking that every time you log in with your Facebook account to 0 wine magazines wide but also Facebook knows and so does everybody and so the the advertisers that partner with Facebook and you can't use a Facebook log in to Logan teeth stuff lecture the distinct advantages federated organs have a password is that the act reaching credentials is something else is problem but if we compare pass to hardware tokens 100 tokens is still we it's just buying accident big businesses and enterprises use them so um by why wouldn't be happy giving a security token to of my aunts my uncle horse let's say In addition to that their proprietary if you want to use an nice secure ID you have to use it with our state security software and you can't substitute another token if firms the security becomes expensive or unavailable they're hard to deploy you have to physically post mountain and hard to read because the post of software tokens have become a bit more popular in recent years and think of Google Authenticator they're often also paired with the SMS technique sending a six-digit PIN far from call or as a text message I their truck they require a bit of training again the fragmented there is a standard and in theory you don't have to use the Google Authenticator application you can use any application that works with that the standard but it's an the bitterness uh you usually don't need a 3rd party to use such an application thought some of them do and they do metadata when you log in biometrics the familiar everybody seeing iris scanners and fingerprint readers in the movies then that is so you don't need to train people how to use them the problem with that by metrics is that's about the only good thing about them that proprietary the expensive there hard to deploy because nobody has a fingerprint reader unless it's on an iPhone then impossible to radius here until cloning comes along of and with the exception of this I platform with Touch ID is almost no so we start with or can we do to mitigate this so the 1st 1 is that uh and you might want to switch out your password generator and I'm sure you're all familiar with certain xk CD cartoon I will mention it by name but if you'd like to use it and you can't be bothered to code your own I highly recommend costs phrase pick installable comes with a command line tool and you don't have to give any special incantations given nice familiar but xk CD style password studies have shown that this style pass-phrase is easy to use easier to use than the mixed case symbols digits type and if you need extra entropy just add another word similarly horse races just as is usable from the command line doesn't causal search is also also model that you can import if you have 15 years being mixed-case digits at least 1 upper-case then you can make that a bit easier to type on phones and games consoles and thermostats and I'd like to try a quick experiment the could you will
get area phones we're tablets and try to type that possible would you don't have to type into a password field just any text editor role note application will do to give your mental tape raise your hand when you done I had fantastic how many times did you have to switch keyboard did anybody made data yeah so on average depending whether it's Android I Os different versions takes 24 tabs on 9 keyboard changes type a password and and it's a typical randomly generated and considered strong password now I'd like to try this variance raise your hand when he finished the sorry so yes a case of a few raised hands without easier the OK so the improvement is to save about 7 taps and you only have to change the world twice with this variant this comes from some research done by the US National Institution for Standards and Technology sorry that's institution for science and technology and they find that on average you say a set number of taps in a certain number of people changes by permuting passwords like this if you'd like to put me urine passwords either creators of Python package for you can use it from the command line or in your python software that Lincoln was will take you to a summary of the research by permuting the password you do lose some entropy you can typically regain that lost entropy just by just adding 1 or 2 characters and the research summarizes the the bits of entropy lost and gained by that in by the permutation and and in extra characters I hope to be able to get this integrated into key passport provide as plug-ins so and in the coming months the now if you're running server annual fed up with the or users choosing 1 2 3 4 5 yet again the classical way of combating this is to ask for mixed symbols digits never repeating not centers username there'll ad hoc rules what you really care about is entropy but it takes the math to measure entropy so very few people coded up luckily you don't need to it's been done for you if you're writing Django at and you'd like to get rid of those but knowing roles beat still like to encourage users to have strong passwords then you can use Django z x seeing the BN costs it's gender on that that is a mixture of python and Java script it's based on a on underlying package called z exceed the BN and they know it measures the entropy of the password based on the user name and the current day and a few other signals and as the past as the user types in new password it gives them an interactive strength meter and again there is research that has been done to show that if you provide this interactive feedback it encourages users to pick strong passwords without antagonizing them without driving them away as much because of course when somebody's creating an account you don't want to drive them away with repeated validation errors on the new account and if you'd like to use z expedient in other Our framework so then I think that these the Python Package Index page for this Django and also links to the underlying package that you can use yourself another thing you can do to make your users lives easier is to let them see the possible
we've taken it as we take it for granted that he should hide the password when people talking in 30 years now that makes sense when the passive feel would always appear on an office computer in the middle of the load cubicles with people passing behind without but without being behind the screen all on a shared terminal on a mainframe but those days it past multimed than not you'll be typing a password on the phone or tablet we lack talk and there won't be anybody else around so why 103 and the safest thing to do so as to not scary uses way of make them think that the form is broken insecure is to find faults still hide the password but provided little tick box or uh clickable icons so that they can show it at the link below goes to V. page from which this screenshot is taken and shows more examples I'm afraid I don't have a pre-packaged Python solution for this just it is so it is a standard feature of log dialogs windows
Internet Explorer past so version that has a slightly unusual implementation in that rather than that I symbol being of all toggle you actually hold your finger down on it on a touch screen all the mouse buttons and it shows as long as it's being are clicked on like a dead man's switch so this is the this is ongoing usability evolutionary and this is a very good chance that browsers will implement it like this but by default but it's not happened yet of it should so ideally if it if this ever becomes a reusable HTML component or some form of HTML 5 uh things fall back it should take into account that it could become a native the final mitigation that I'd like to say that I'd like to suggest is please please please don't disabled auto-completion don't disable password managers the 2nd example we see that was I call that the British Gas called out quite recently for doing this on Twitter and and thanks to the was Twitter not create more at a Twitter modeled a Twitter modeled brandishing pitchforks and torches and British Gas will be reconsidering the practice of using this but unfortunately umpteen banks and the counts city councils county councils still think that they that should allow you to save your password unfortunately the only way to get 1 to time so that more or less all I have to say about that passwords the next thing I want to introduce to you is a new standard or a new pair of standards for authentication they come from a body called the find alliance which was set up a baton year-ago to fix strong authentication and as I said earlier the problem with all the alternatives to passwords is that they tend to be fragmented proprietary unfamiliar and generally on standardized in the final lines mission is to fix all those things there is token specifications they will did if you pay the money they will do certification testing for you and give you a logo trademark that you can use and stamp products we don't have to do that and it's based on public key cryptography and think of the Wi-Fi Alliance a decade or 15 years ago when wireless internet was still a weird thing the they all are the Wi-Fi Alliance for authentication end the aim of the standards is to allow multiple authentication methods such as dongles fingerprint readers opinions smart cards mobile phones whatever to all be usable against the same API and old be usable no matter what the transport be that your space Bluetooth NSC something we haven't thought of yet single browser API no matter what combination of those gets used and because it's based on public key cryptography no sensitive data leads users authenticator says nothing sensitive on your server to be leaked out there's nothing sensitive in the browser to get fixed so if God forbid you user database gets a little the only thing the only sensitive information will get into the wild is things that specifically chosen to gather final on standards don't require that you gathering e-mail address you can still gathering e-mail address and if God forbid your server gets breached an e-mail addresses the worst thing will get really password hashes if it within the fight alliance standard but is and isn't industry consortium the Big Bang is far Google that Microsoft are saying some sort of pay pal and a host of others but there the internet companies that are as fed up with authentication as you are and and it's growing and recently a recent they accepted at 1st government the members so the
at US Government National Institute of Science and Technology has joined and so has the UK Home Office there 2 standards that have been announced by the Fido alliance the
1st is universal authentication framework this is the 1 that is designed to replace passwords 2nd is the universal 2nd factor framework that's the 1 that's designed to standardize 2 step authentication so he still have a password on the 2 s but it doesn't have to be a strong because you've got a 2nd factor it could just be obtained if you want to the way they no matter which of those 2 you choose the way it's the way it works is before you even that the 1st the very 1st time you open an apple visit website you'll be asked to register and and it can but doesn't have to ask for use in an e-mail address but when it comes time to a set of secret you would activate your the authenticated beer the that your mobile phone or you're speaking or something else your authenticator would generate a new private key that proteins only used this pairing studies for any other so have 2 different websites but I used against the Sankei there's no way to those 2 websites not connotes the Sankei it's just different private key they say primary key is stored in a secure element on the authenticator and the authenticator sends back to your website to the at a public key and a key handle for use in future authentication session
these once registration is complete the service stores private key against that users identify user name and e-mail address whatever and can be sent back to the authenticated as a challenge next time authentication looks almost identical to registration the only difference is that when the user is asked to activate their authenticated it really it it uses the case that it previously generated 2 signs the challenge sent so to give you a concrete example with some code this is a pseudo code Python web server that's handling the registration for a new new to f devices the library when using is an open source BSD-licensed package provided by you because it works with you become OK is it should also work with you to as authenticators for many other the and why did you see there is just the an edge it is just the the main over our website it must be HTTP S you cannot do uh any find alliance authentication over an unsecured channel we
simply generates a challenge story and some session against the user's username and send that challenge to client the challenge gets sent is just a short snippet and it's older by 64 encoded so it's safe to stick anywhere that you the you don't have to worry too much about binary encoding of the that these challenge that you see of the bottom is just a randomly generated by string there's no structure to it but and you can generate as many as you want and throw them away you don't have to worry about that and I didn't have to worry about losing the so that challenge gets sent to the browser and the simplest way of doing that would be to just put in Hidden Field on your on your registration for within the browser the the EU tourist provider provides a job script API which we call you to adopt register with the challenge of generated server side
that takes a callback that except the response generated by the authenticator so what would happen when this John script gets it if this little authenticate was plugged into the laptop little green light starts flashing as part of your page a production text saying please activate your device now i is the use of touch that which allows the authenticated to respondents had a proof of human presence it generates new predicate returns at this JavaScript Java Script fix it in but the text field and submits the form and responses again is just and Jason the challenge is exactly
what was sent by the server there climate data and registration data are generated by the key and they are a cryptographically so attached to the challenge so the traits so somebody changes the challenge on the wire the client data and registration data will not validate the FIB also is what was sent by the server has to match that gets changed if somebody tries to demand middle attack the false signatures will fail it is but it doesn't matter that it's thinking became it it just has to be guided by you to an authenticated that final
step of registration server we receive the challenge that was sent binary sorry we we receive a response that was sent by the you to if authenticated we retrieve the challenge that we generated earlier we cool and to FDR complete registered with both of those that takes care of all lucrative all of all cryptography forest checks the signatures and returns a registration object that's just Python dictionary contains a key handle the public key of the authenticator that was freshly generated and the AP idea that we generated all way back we save those 3 things for future authentication and and
that's just an example of the registration that is at return when we called complete register function the thing that I'm going to skip over there is the attestation certificate that is so that you can say I will only accept signatures from if you want to restrict yourself to just you became or just sansón finds all just some particular brand you can do they all contain a manufacturer or certificate or the manufacturer signs that certificate and there is an online database you can check process take attestation certificate against and but for simplicity we're just going to skip over that right now authentication is almost identical on server we generate a challenge the difference is that instead of start register this time you start authenticate again we save the challenge that we challenge like this Apple idea is the same that we as it was during registration challenges of freshly generated at random killing Key handled it is what was return by the authenticated during registration and it's how we identify the key again on the clients received the challenge
submits it to the authenticated defense character starts flashing all get is doing something being leading beat so that it can get your attention the user activates the authenticator and the authenticated then returns a response the can transmit factor server uh on this you just press the gold circles of this world that doesn't prove its name he approves and present this is so this is a new to and device the idea of it is that it is the 2nd factor so obviously this is cryptographically unique it's got a private key inside that was burned in Bern at the factory it's time for evidence that sort of thing but so is only useful as a 2nd factor not as a a you 80 s of a universal you AF device which would have something by Mexican it so that it not only was it proof that it was the past and present the by the fingerprint of the retina and it was prove that it was is then you move the last you can use right the yes but then the point is you can use this is the the sole authentication factor cause it's if it effectively it's a baritone if someone steals and it was the sole factor and they would have everything they needed to pretend to be made so the final step of
authentication like I said this is a you need to every device this is the 2nd factor 2 and for log with this 1st as usual we verify the user's username and password assuming that's correct we get the associated device that was stored during registration we then called verify authenticate which gives us counter and defined as to whether touches In the current version of standard touch is
always asserted that that will always be true the point of the counter is that although this device is temporary it could be and vulnerability of some sort the counter is an indication of whether this device is being close so somebody could get in there with a microscope for I don't know powerful magnets for an X-ray machine or something they might be able to close if they did and we both using it there is an internal counter that would be and it shouldn't always increase but if the 2 of them sometimes you would see account of the returned that's less than the counts of the Seoul last time it was used if that happens it means someone's close the device and you need to take some sort of action could be sent user an e-mail lock the account it depends on the particular application assuming almost correct you then just store the new counter values device and the user successfully authenticated this being 2nd factor don't have to use it just login you can choose to do it when they when the user starts a sensitive that starts a sensitive like entering the London entering and in Section transfering 100 thousand dollars to Nairobi and you can you can ask for additional authentication at any point and so that brings us to the dance but before I do that this anybody have questions about the code the thank you for not not entirely about the truth about of if you have an future on your mobile any register 0 did you or more button to carry on your laptop in my instance and social jumping ahead of the the current version the vast majority of deployed hardware and moment just what to you but the standards included transports for Bluetooth low energy and then because that would have to next my a lot of to my reliance on using the well it would be Bluetooth low-energy so you wouldn't have to to devices they could but basically the browser if it supported that form of you are for you to have have a Bluetooth stack in it it would take for local devices your find the listening it was send a message that says yes I'm here yes I mean you wear authenticated the browser would then send back I have these handles do you know about any of the the fund say yes and the phone would go being leading Libby and asking to and authenticate from printed and look at such time for demo which
coming want and indeed alleging that
side it was really yes you
we test is some sort of thinking
edge on the screen I mean it's this acoustic peak around so this is
the demo application of a Django application called agenda to factor all it currently supports the Google Authenticator wrapped SMS phone call all plane you the 5 extended to also accept you to have devices so I'm currently not logged in and there is a secret page that I count the said on just organ saved passwords I thought I I thoroughly recommend possible managers and I haven't yet enable two-factor authentication on this account so I can view the extra secret page which requires additional verification so I need to set up to to a factor authentication here I can choose between the different versions in your own Django application you probably choose the problem provides the probably offer fewer choices just keep things simple I'm going to go with you to act instead the sorry can't see it but I do promise that there is a little bit there is a little green blinking LED here touch the dongle to prove that I'm present the sorry and so that jobs that I showed you earlier I the call back when it is cold just inserts it into the input with that idea in a real world applications you wouldn't have that box that what users will you show the user is just an animated thing saying now please activate your device and the 2nd that they did you submit the form and return all commands that the end so complete registration and and I've never found number at this point this is a standard feature of gender artifacts and this is just an example access not actually widened Twilio but in a real application would be so Cervantes register that found J. yeah so there we go this
accounts now registered factor and I can view that
secret page now that requires 2 steps for authentication follow them log in again choose password and I can choose whether to use authentication or not I'm going to touch the devices
but it's two-factor authentication without having to data finite pocket and type in the 6 bloody digits few
symptoms and question walls supported requirements the but if you want to see any of the code that domain those
Urals I will be uploading the slides tweeting the URL and supporting the URL on the description page this talk on your website I'm afraid the
code that you've just seen running isn't available on pipe idea I still need to convince the maintainers of the upstream projects that might pull requests were the so the browser
support and frame this is the bad news the only thing that supports you to and at the moment it's grown but
it's grown on any platform which is good and chromium and 5 books have evolved open to add support
and they just need somebody to do the work they're not that they're not supposed to it or anything and in a few days time windows tend to be released and the new age browser will support you to f and that 1 just USB tokens that will be and biometric devices like fingerprint readers for virus scanners into laptops that support Windows 10 the for the hardware support the only thing that the browser browser singular supports the moment USB standard for Bluetooth an NFC was released on the 1st of july this month and so expect support for small devices in the coming months but in terms of funds that support it if any of you have a galaxy S 5 or 6 or a galaxy of fault congratulations you have a unique you AF authenticated and you might already be using you where to log into type of the paper applications support users Uriah form devices and Jordan violence Google making a push for for all fingerprint authentication in that time touch ideas brainstorming on hundreds lunch for far too long and you will see more finds a fingerprint readers in the next few months being released crowd are 1 of the find members and then you hardware support box possibly even it would be the ultrasonic fingerprint reading so you can touch anywhere on the globe if you'd like more information these specifications
are available and there's a tutorial that goes into the step that I have in a bit more detail but there is a nice video that gives you a history of find alliance and the sales pitch and if you'd like to use any of you because open source libraries and they were until recently GPL but they are all lgpl but then I relicensing you can the uh you to act with you because tokens all In theory any other tokens for SSH Logan for pounds the only and their own that Python bindings go bindings their jobs bindings so and you don't have to be in a browser to use it the client application just has to implement the wire protocol that is standardized and thank you very the few
we do have time for questions and we have questions different this 1 right my current impressionist some of all that the only proves that you know that you are willing to authenticate the skills super-secret possible you and a manual is this correct so there are 2 standards from the fiber line I speak you so you to at the initiative factor authentication you are proving that you know a secret password and you are proving you know take you out of particular devices have control that that's understood but proved that there you are willing to altered indicators the possible abroad sorry could you repeat that your willingness 2 ought to indicate is that you type in your secret possible at that you have to remember model in a possible miniature by I would say that part of the the proof that you willing to authenticate and I is the proof that willing to authenticate is that both the you complete authentication the act of doing it is the indication that you're willing to do it all of those the 2nd proof that you're willing to authenticate and that's the pressing the button the button on that you're drafted biased s were where solid again that the the UBG New I guess uh that the the button in the middle of that a splintered and as long as this but nothing happens and this device only a response to the challenge if you click this type of these that doesn't need to be made exactly but that's why you're so that's where should use this you begin as the 2nd factor you shouldn't I won't recommend you to uh to and your puzzle I would recommend you do not yes effectiveness of users and in my opinion should use a strong password and then use this as a 2nd effect on you to and to increase security you what is because of your password could somehow get credit probably all what about the so so yes so you you to act is not a replacement for password of depending on the application you could choose to allow the weak passwords you don't have to the true promise at least from my point of view of the final Alliance is when the new AS standard comes about and that mandates that the authenticator not only proves that I'm president just pressing a button but also proves assigned me by some form of metrical typing in or something else and so I agree that by metrics are not the greatest thing they are mitigated in this case because the biometric data doesn't travel otherwise it never leaves the authentication device just like but Touch ID on my phone having no one's ever happy authenticating it was a quick up the question that I would get so if I understood the substandard correctly yeah it's required so if you have a physical device right so you can't have a what's circle the application on your PC so the stand the specification strong encourages you to make it a physical device specifically something that is temporary wouldn't and as a secure element but you have to do anyway because of this you can only connect using news well if you invert the kernel of evil and they tend to be a useful the device of their own and there is there is a job there is a Chrome extension that is a source you to F authenticator it has a particular and when that when you as the server receives the registration data that would be evident in the attestation certificate says nothing in 1 of protocol it says it must be hardware device why particles can't enforce that but you would the service has access to
uh metadata services that includes the and this is the the manufacturer signatures all various different devices so you become a sign there um certificate Samson assigned their certificate other providers of assigned that any software implementation of authenticated would have to have a a manufacturer ID but it would have to be available in the metadata service and you could choose to blacklist that or white list only you become devices what when registration occurs thank you I'm I've ever talk these and if I had the from using 1 to 2 x in the human with image to lose their it sounds quite so make clear that this is our use so 2 parts to that of any any website or application worth its salt that implements two-factor authentication will In the force you will strongly encourage utility and set up some sort of backup method that would typically be his eye color is a 6 digit codes right down on the paper and keep it somewhere safe all or it'll be please give us your mobile number will textual messages back up all both of those the gender two-factor authentication that lets you do both these on the part of it is that if I use that it's a of lost small black it's not an internal if I is that Scott on-board GPS going on board radio containing remotely I can ask it to wring itself if you gonna keep all your eggs in 1 basket that's a pretty good at asking yeah 2 questions 1 of them was really and um still I'm a bit confused because you start by saying well past would have issues and what the data in the demo the 1st thing you do is take a bus with and then uses the positive manager to store to basically put your variants of the computer and then use a 2nd authentication using your tokens which while I'm not convinced you know the lake others that it's a suitable solution not questioning of and how is this any different from grits indicator in the sense of the growth of actually is convenient because the 6 digit number that is changing all the time and synchronized with the clock somewhere and there true by the memory that does exactly the same job or went on possible to think and and this whole behind the to justify how good this is so I don't see how to the group device will actually of about is better than something which is purely software so Google Authenticator 1 time password standard that is based on how do require that the server stores the sea that generates the 6 numbers every 30 seconds so if there is a certain bridge very secret data in addition to the possible it and with these the service not storing anything secret why find this more convenient than talking in 6 that going to the Google Authenticator rapid talking in the 6 digit number that but it it uh and you have a choice of what you want to use and you can use this is your Google Account by the way is the residue became or as you to if device and if you want a dedicated you to have devised new carrots chief about 15 years sorry I forgot the important question of we set them from 1 very short question and this is a yes-or-no question In the vital state is there any on capability to rest passwords this is the the case where someone is putting a gun to my head and I need to log into my banque but I want to indicate my bank I want to be able to successfully login but also indicate that I have begun to my so it's a 2nd password that also works indicates the bad conditions so in the case of you who have your duress cost would be would be you type that in it's the 1st factor I guess that wouldn't be part of the new to that would be codified exchange in terms of you may ask I haven't
seen any reference to that the only this is speculation now the only way I can think of doing it would be if you tactile device that of the normal authentication if you press and hold it does the rest but I I don't know if this could be the programs do that
I I don't know if there's anything in the fighter standards for be the unit that you thank
Entropy
Meeting/Interview
Counting
Insertion loss
Bit
Online help
Point (geometry)
Complex (psychology)
Keyboard shortcut
Server (computing)
View (database)
Password
Icosahedron
Mereology
Rule of inference
Number
Database
Metropolitan area network
Server (computing)
Symbol table
Computer animation
Personal digital assistant
Mathematics
Password
Mixed reality
Equation
Game theory
Internet der Dinge
Digitizing
Task (computing)
Form (programming)
Java applet
Scientific modelling
Tap (transformer)
Biostatistics
Fraction (mathematics)
Mathematics
Type theory
Mixed reality
Computer configuration
Computer network
Cloning
Belegleser
Information security
Error message
Uniform space
Exception handling
Personal identification number
Metropolitan area network
Enterprise architecture
NP-hard
Keyboard shortcut
Bit
Message passing
Text editor
Digitizing
Electric generator
Writing
Mobile Web
Password
Rule of inference
Open set
Number
Mixture model
Computer hardware
Scripting language
Implementation
Computing platform
Data type
Home page
Standard deviation
Counting
Login
Cartesian coordinate system
Symbol table
Word
Radius
Software
Personal digital assistant
Mixed reality
Game theory
Entropy
Keyboard shortcut
State of matter
Multiplication sign
Permutation
Web 2.0
Word
Facebook
Linker (computing)
Cuboid
Software framework
Addressing mode
Area
Feedback
Token ring
Internet service provider
Metric tensor
Exterior algebra
Website
Self-organization
Data type
Metre
Server (computing)
Freeware
Observational study
Numerical digit
Token ring
Feedback
Tape drive
Login
Theory
Metadata
Field (computer science)
Wave packet
Twitter
Revision control
IRIS-T
Average
Touch typing
Integrated development environment
Plug-in (computing)
Fingerprint
Addition
Validity (statistics)
Interactive television
Variance
Leak
Computer animation
Computer hardware
Password
Sensitivity analysis
Combinational logic
Public key certificate
Linker (computing)
Single-precision floating-point format
Cuboid
Office suite
Multiplication
God
Mainframe computer
Metropolitan area network
Email
Touchscreen
Product (category theory)
Spacetime
Structural load
Token ring
Public-key cryptography
Open set
Tablet computer
Radical (chemistry)
Exterior algebra
Hash function
Smart card
Quicksort
Data management
Web page
Server (computing)
Implementation
Connectivity (graph theory)
Password
Web browser
Login
Computer
Twitter
Revision control
Latent heat
Goodness of fit
Internetworking
Database
Software testing
Address space
Metropolitan area network
Form (programming)
Fingerprint
Authentication
Default (computer science)
Standard deviation
Multiplication
Information
Computer program
Counting
Line (geometry)
Web browser
Symbol table
Sign (mathematics)
Single-precision floating-point format
Computer animation
Computer hardware
Password
Boom (sailing)
Key (cryptography)
Fingerprint
Window
Software protection dongle
Authentication
Metropolitan area network
Standard deviation
Key (cryptography)
Observational study
Divisor
Multiplication sign
Element (mathematics)
Password
Image registration
Public-key cryptography
Computer animation
Password
Universe (mathematics)
Factory (trading post)
Website
Speech synthesis
Software framework
Key (cryptography)
Curve fitting
Address space
Extension (kinesiology)
Server (computing)
Greatest element
Service (economics)
Identifiability
Open source
Code
Multiplication sign
Parsing
Image registration
Web browser
Client (computing)
Binary file
Variance
Web 2.0
Sign (mathematics)
String (computer science)
Dependent and independent variables
Scripting language
Data structure
Subtraction
Address space
Authentication
Metropolitan area network
Email
Server (computing)
Public-key cryptography
Web browser
Process (computing)
Computer animation
Data storage device
Personal digital assistant
Internet service provider
Revision control
Website
Library (computing)
Laptop
Web page
Server (computing)
Personal identification number
Java applet
Parsing
Image registration
Client (computing)
Mereology
Field (computer science)
Variance
Touch typing
Green's function
Dependent and independent variables
Scripting language
Form (programming)
Authentication
Product (category theory)
Key (cryptography)
Fibonacci number
Server (computing)
Web browser
Electronic signature
Sign (mathematics)
Proof theory
Predicate (grammar)
Revision control
Dependent and independent variables
Form (programming)
Server (computing)
Multiplication sign
Password
Image registration
Complete metric space
Client (computing)
Public key certificate
Sign (mathematics)
Forest
Database
Dependent and independent variables
Regular expression
Uniform boundedness principle
Subtraction
Authentication
Process (computing)
Key (cryptography)
Server (computing)
Real number
Image registration
Cryptography
Trigonometric functions
Public-key cryptography
Functional (mathematics)
Electronic signature
Computer animation
Dependent and independent variables
Right angle
Key (cryptography)
Object (grammar)
Point (geometry)
Ocean current
Server (computing)
Divisor
Multiplication sign
Parsing
Image registration
Variance
Revision control
Causality
Touch typing
Dependent and independent variables
Circle
Fingerprint
Authentication
Standard deviation
Server (computing)
Web browser
Transmitter
Sign (mathematics)
Proof theory
Computer animation
Touch typing
Factory (trading post)
Password
Dependent and independent variables
Quicksort
Form (programming)
Point (geometry)
Laptop
Group action
Divisor
Transportation theory (mathematics)
Code
Multiplication sign
Demo (music)
Virtual machine
Sheaf (mathematics)
Web browser
Food energy
Revision control
Computer hardware
Dependent and independent variables
Vulnerability (computing)
Form (programming)
Authentication
Standard deviation
Demo (music)
Moment (mathematics)
Counting
Cartesian coordinate system
Message passing
Computer animation
Quicksort
Computer animation
Logarithm
Demo (music)
Bookmark (World Wide Web)
Chi-squared distribution
Web page
Axiom of choice
Point (geometry)
Divisor
Real number
Demo (music)
Mathematical singularity
Password
Insertion loss
Image registration
Complete metric space
Number
Revision control
Plane (geometry)
Formal verification
Factory (trading post)
Cuboid
Software testing
Backup
Gamma function
Chi-squared distribution
Authentication
Metropolitan area network
Standard deviation
Touchscreen
Demo (music)
Gender
Login
Bit
Weight
Cartesian coordinate system
Bookmark (World Wide Web)
System call
Process (computing)
Computer animation
Password
Self-organization
output
Quicksort
Data management
Software protection dongle
Authentication
Web page
Metropolitan area network
Finitismus
Divisor
Demo (music)
Token ring
Login
Computer animation
Password
Factory (trading post)
Backup
Data type
Web page
Domain name
Slide rule
Datei-Server
Code
Server (computing)
Demo (music)
Disintegration
Projective plane
Web browser
Software maintenance
Human migration
Computer animation
Descriptive statistics
Laptop
Multiplication sign
Web browser
Biostatistics
Expected value
Latent heat
Term (mathematics)
Computer hardware
Touch typing
Cuboid
Software framework
Computing platform
Ultrasound
Fingerprint
Form (programming)
Authentication
Standard deviation
Information
Moment (mathematics)
Cartesian coordinate system
Web browser
Antivirus software
Computer animation
Computer hardware
Graphical user interface
Data type
Fingerprint
Window
Reading (process)
Scientific modelling
View (database)
Multiplication sign
Source code
1 (number)
Client (computing)
Image registration
Mereology
Public key certificate
Biostatistics
Videoconferencing
Circle
Information
Extension (kinesiology)
Information security
Fiber (mathematics)
Keyboard shortcut
Sound effect
Bit
Price index
Metric tensor
Proof theory
Process (computing)
Right angle
Data type
Point (geometry)
Server (computing)
Game controller
Service (economics)
Open source
Divisor
Software developer
Token ring
Web browser
Theory
Latent heat
Peripheral
Computer hardware
Touch typing
Graphical user interface
Form (programming)
Authentication
Standard deviation
Element (mathematics)
Line (geometry)
Cartesian coordinate system
Particle system
Computer animation
Personal digital assistant
Password
Dependent and independent variables
Communications protocol
Library (computing)
Axiom of choice
State of matter
Multiplication sign
Source code
Image registration
Mereology
Disk read-and-write head
Public key certificate
Medical imaging
Pointer (computer programming)
Sign (mathematics)
Oval
Price index
Electronic signature
Message passing
Process (computing)
Graph coloring
Data storage device
Internet service provider
Website
Quicksort
Whiteboard
Digitizing
Data type
Data management
Read-only memory
Server (computing)
Service (economics)
Divisor
Token ring
Code
Computer
Metadata
Number
2 (number)
Term (mathematics)
Bridging (networking)
Utility software
Condition number
Authentication
Addition
Standard deviation
Demo (music)
Gender
Forcing (mathematics)
Cartesian coordinate system
Local Group
Residual (numerical analysis)
Software
Personal digital assistant
Password
Backup
Authentication
Computer programming
Standard deviation
Computer animation
Software developer
Information
Control flow
Units of measurement
Loading...
Feedback

Timings

  652 ms - page object

Version

AV-Portal 3.8.0 (dec2fe8b0ce2e718d55d6f23ab68f0b2424a1f3f)