Comment Re:Who you are; Something you know (Score 1) 146
The classic "username" and "password" combo provides two pieces of information in order to verify identify: who you are, and something you know.
Actually, it doesn't. Nothing in the username field has anything to do with identity. I can enter whatever I want there, or where it is an e-mail I can just enter whatever I want followed by @gmail.com once I've registered that as my e-mail account.
These are not two differen things. There's no actual difference between "username+password" and "password1+password2".
but using them to replace your password seems like a bad idea.
Only because passwords are such a stupid idea.
I want my biometric devices to have a distress function. Like "if I try to log in with THIS finger, lock the device, encrypt the drive, flush all secrets and require a password to unlock it".