No Passwords Required - New Tech Promises the Moon

Ritho · 29. Jan 2011, 09:30 PM

This is a must read. http://www.computerworld.com/s/artic..._the_password_

While a lot of it is hypothetical obviously, the basic premise they are presenting is that there are those who are naive enough, or at least think consumers will be naive enough to think there is such a thing as fool proof security. The things they don't mention is such a system would be plagued by the exact same things we are plagued by already, holes and vulnerabilities, man in the middle style attacks, sophisticated malware, etc.

The main difference, the stakes will be a lot higher. When you lose, you can loose it all.

eyeb · 30. Jan 2011, 12:36 AM

I dont really mind the idea... I mean how a password isnt needed because phone/other is used...

its like using electronic card locks (hotels/office buildings) to gain access instead of a physical key. the safety isnt that much different, picking a lock or hacking a lock are "same" but different technical skills. However with electronic locks, you can monitor it in real time and see when it is being unlocked and even if it isn't able to prevent it, it can log some info that is missing when a phyical lock is picked.

if using a phone is more convienent then why not? its no different than the cash->credit card transition and most people use credit cards instead of cash. Using a phone for payments is as secure as credit cards imo. Also credit cards/passports have RIF in them (well some do) so you "wave" card and sensor recognizes it. How is phone different than this? especially if phone is "stolen", you can go to cops and have them get a warrent to get phone's location via bulitin gps... or just wirelessly wipe the phone data.

garth · 30. Jan 2011, 01:23 AM

One problem i see with all this is that it relies on people having theses phones. An iphone is high end hardware of its type and unaffordable to many or even most people in the world. Then there are those like me that just don't want a smartphone of any type. I wonder if Google will get into the hardware market.

30. Jan 2011, 01:24 AM

If you use a password manager, then you don't have to memorize but one password. They also generate strong passwords for you too.

It would take YEARS to crack one of my passwords, literally, and by that time I will have already changed it many times over, and the bad guy would have already moved on to something else long before that.

As long as there are people that don't educate themselves in how to protect their private info, then those people will always be at increased risk, no matter what the technology of the time is being used to "protect" them. It's only a matter of time before the bad guys find ways to exploit it.

garth · 30. Jan 2011, 01:35 AM

Quote:

Originally Posted by JohnnyDollar

It's only a matter of time before the bad guys find ways to exploit it.

It occurs to me that not just the bad guys might seek to exploit this. I wouldn't be surprised if many of the world's governments are keeping a very close eye on the development of this tech, figuring out new ways in which they can harvest data and spy on citizens. I bet my government (UK) is.

eyeb · 30. Jan 2011, 05:30 AM

Quote:

Originally Posted by garth

One problem i see with all this is that it relies on people having theses phones. An iphone is high end hardware of its type and unaffordable to many or even most people in the world. Then there are those like me that just don't want a smartphone of any type. I wonder if Google will get into the hardware market.

the technology is already here...
Electronic Pickpocket
credit cards/driver licenses/passports/etc... the new ones in past few years have incorporated rfid

you wouldn't need a "smart" phone... my palm centro was "smart" back then but now is outdated and not "smart". my point is that the centro has IR built into it already which can be used to beam info (without bluetooth/wireless). And this has been in phones for a while so even without an iphone/android phone you could still end up doing this kind of things if it was wide spread.

plus the time it took to put the infrustructure in place would take longer time than needed saturate consumer products with the technology

Ritho · 30. Jan 2011, 06:25 AM

@ Eyeb My concern is not door locks. Doors have always be vulnerable, one way or another. What does concern me is that it is mobile technology connected to a network holding the "keys" to much more than your doors that they are talking about. If it is networked it can be hacked remotely.

Electronic key cards, credit cards, and other such technology, can't be infected with malware. That is how they are different. RIF was a bad idea, and they are just finding that out too. As bad RIF is, this idea is a hundred times worse.

A phone supporting all the technology mentioned in the article is a Pandoras Box imo. I don't care how smart it is. There will be zero-day vulnerabilites, hardware vulnerabilities, viruses and worms, that will attack and eventually break through. But in this case we are not talking about a home computer with potentially hidden data here and there, We are talking about technology that will be uniform, the hacker will know exactly where to look, and can do it in seconds. If it is a hardware vulnerability, it could exploit a million people before anyone even realizes it happened.

Concerned User · 30. Jan 2011, 07:28 AM

Quote:

Originally Posted by Ritho

@ Eyeb My concern is not door locks. Doors have always be vulnerable, one way or another. What does concern me is that it is mobile technology connected to a network holding the "keys" to much more than your doors that they are talking about. If it is networked it can be hacked remotely.

Electronic key cards, credit cards, and other such technology, can't be infected with malware. That is how they are different. RIF was a bad idea, and they are just finding that out too. As bad RIF is, this idea is a hundred times worse.

A phone supporting all the technology mentioned in the article is a Pandoras Box imo. I don't care how smart it is. There will be zero-day vulnerabilites, hardware vulnerabilities, viruses and worms, that will attack and eventually break through. But in this case we are not talking about a home computer with potentially hidden data here and there, We are talking about technology that will be uniform, the hacker will know exactly where to look, and can do it in seconds. If it is a hardware vulnerability, it could exploit a million people before anyone even realizes it happened.

Well said!

....Putting your eggs under one basket is a bad idea.

Ritho · 30. Jan 2011, 11:09 AM

Quote:

Originally Posted by Concerned User

Well said!

....Putting your eggs under one basket is a bad idea.

Doesn't the saying go ..."in one basket..." ?

Putting all your eggs in one basket is a bad idea, but putting them under one basket is certainly much worse.

(Sorry to have fun at your expense.

)

Concerned User · 30. Jan 2011, 07:23 PM

Quote:

Originally Posted by Ritho

Doesn't the saying go ..."in one basket..." ?

Putting all your eggs in one basket is a bad idea, but putting them under one basket is certainly much worse.

(Sorry to have fun at your expense.

)

oh no! guess I'm a basket case then

29. Jan 2011, 09:30 PM	#1 (permalink)
Ritho Foundation Editor Join Date: Apr 2008 Location: Planet Earth Posts: 1,391	No Passwords Required - New Tech Promises the Moon This is a must read. http://www.computerworld.com/s/artic..._the_password_ While a lot of it is hypothetical obviously, the basic premise they are presenting is that there are those who are naive enough, or at least think consumers will be naive enough to think there is such a thing as fool proof security. The things they don't mention is such a system would be plagued by the exact same things we are plagued by already, holes and vulnerabilities, man in the middle style attacks, sophisticated malware, etc. The main difference, the stakes will be a lot higher. When you lose, you can loose it all. __________________ The smallest good deed is better than the greatest intention.

30. Jan 2011, 01:23 AM	#3 (permalink)
garth Senior Member Join Date: Sep 2010 Location: Here. Posts: 1,451	One problem i see with all this is that it relies on people having theses phones. An iphone is high end hardware of its type and unaffordable to many or even most people in the world. Then there are those like me that just don't want a smartphone of any type. I wonder if Google will get into the hardware market. __________________ garth

30. Jan 2011, 06:25 AM	#7 (permalink)
Ritho Foundation Editor Join Date: Apr 2008 Location: Planet Earth Posts: 1,391	@ Eyeb My concern is not door locks. Doors have always be vulnerable, one way or another. What does concern me is that it is mobile technology connected to a network holding the "keys" to much more than your doors that they are talking about. If it is networked it can be hacked remotely. Electronic key cards, credit cards, and other such technology, can't be infected with malware. That is how they are different. RIF was a bad idea, and they are just finding that out too. As bad RIF is, this idea is a hundred times worse. A phone supporting all the technology mentioned in the article is a Pandoras Box imo. I don't care how smart it is. There will be zero-day vulnerabilites, hardware vulnerabilities, viruses and worms, that will attack and eventually break through. But in this case we are not talking about a home computer with potentially hidden data here and there, We are talking about technology that will be uniform, the hacker will know exactly where to look, and can do it in seconds. If it is a hardware vulnerability, it could exploit a million people before anyone even realizes it happened. __________________ The smallest good deed is better than the greatest intention.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

30. Jan 2011, 12:36 AM	#2 (permalink)
eyeb Senior Member Join Date: Sep 2010 Location: Planet X Posts: 487	I dont really mind the idea... I mean how a password isnt needed because phone/other is used... its like using electronic card locks (hotels/office buildings) to gain access instead of a physical key. the safety isnt that much different, picking a lock or hacking a lock are "same" but different technical skills. However with electronic locks, you can monitor it in real time and see when it is being unlocked and even if it isn't able to prevent it, it can log some info that is missing when a phyical lock is picked. if using a phone is more convienent then why not? its no different than the cash->credit card transition and most people use credit cards instead of cash. Using a phone for payments is as secure as credit cards imo. Also credit cards/passports have RIF in them (well some do) so you "wave" card and sensor recognizes it. How is phone different than this? especially if phone is "stolen", you can go to cops and have them get a warrent to get phone's location via bulitin gps... or just wirelessly wipe the phone data.

30. Jan 2011, 01:24 AM	#4 (permalink)
Abandoned Guest Posts: n/a	If you use a password manager, then you don't have to memorize but one password. They also generate strong passwords for you too. It would take YEARS to crack one of my passwords, literally, and by that time I will have already changed it many times over, and the bad guy would have already moved on to something else long before that. As long as there are people that don't educate themselves in how to protect their private info, then those people will always be at increased risk, no matter what the technology of the time is being used to "protect" them. It's only a matter of time before the bad guys find ways to exploit it.