The video

Note: the times are GMT+0

Overview

Currently, most websites log you in the same way: You enter a username and password, the web-server hashes the password (generally via MD5(), or SHA1()). This hash is then compared to the one stored in a database - if it matches, the user knows the original password, so it logs them in.

This method has numerous problems, such as the password being sent unencrypted to the web-server, and the fact many users reuse passwords, if an intruder works out a users password (though any means), there is a good chance they can log into the same users email account, online banking etc etc..

The whole username/password login method has many flaws, most are down to the fact most people struggle to remember a single 5-6 character password, let alone multiple random messy looking passwords such as "Xm2K?pdT&av", as most "good password guides" suggest.