
Passwords? Forget about them

Discussion in 'Fred's House of Pancakes' started by pilotgrrl, Apr 10, 2018.

  1. pilotgrrl

    Soon, this could become a reality, thanks to a new password-free web authentication protocol announced today by standards bodies FIDO and W3C.

    It's called WebAuthn, and it uses an external authenticator such as a security key or mobile phone instead of a password. These devices will connect directly to websites by USB, NFC, or Bluetooth to create a "phishing proof" method to identify yourself. Google, Mozilla and Microsoft have agreed to incorporate the final version of the standard in their browser products.

    This method uses a specific device you have to create a token that lasts only as long as it takes to authenticate you. There is no password that could be phished, sniffed, or stored in a database and stolen.


    FIDO Alliance and W3C have a plan to kill the password – TechCrunch

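The "phishing proof" property described in the post above comes from the authenticator signing a one-time challenge together with the origin the browser is actually on. The sketch below is an added example, not part of the original post or of any FIDO/W3C code; it is a simplified model (real WebAuthn signs authenticator data plus a hash of the client data), and the function names and `.example` origins are hypothetical.

```javascript
const nodeCrypto = require("crypto");

// Authenticator (security key or phone): the private key never leaves it.
function makeAuthenticator() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return {
    publicKey, // the only thing the site stores; useless to a database thief
    // `origin` is filled in by the browser from the page actually loaded.
    sign(challenge, origin) {
      const clientData = JSON.stringify({ challenge, origin });
      const signature =
        nodeCrypto.sign("sha256", Buffer.from(clientData), privateKey);
      return { clientData, signature };
    },
  };
}

// Website ("relying party"): issues one-time challenges, checks responses.
function makeRelyingParty(expectedOrigin, publicKey) {
  const pending = new Set();
  return {
    newChallenge() {
      const challenge = nodeCrypto.randomBytes(32).toString("base64url");
      pending.add(challenge);
      return challenge;
    },
    verify({ clientData, signature }) {
      const { challenge, origin } = JSON.parse(clientData);
      if (!pending.delete(challenge)) return "unknown-or-replayed-challenge";
      if (origin !== expectedOrigin) return "wrong-origin";
      const ok = nodeCrypto.verify(
        "sha256", Buffer.from(clientData), publicKey, signature);
      return ok ? "ok" : "bad-signature";
    },
  };
}

function demo() {
  const key = makeAuthenticator();
  const site = makeRelyingParty("https://bank.example", key.publicKey);
  const login = key.sign(site.newChallenge(), "https://bank.example");
  const genuine = site.verify(login);
  const replayed = site.verify(login); // same response sent a second time
  // Response produced while the user was on a look-alike page.
  const phished = site.verify(
    key.sign(site.newChallenge(), "https://bank-login.example"));
  return { genuine, replayed, phished };
}
```

Calling `demo()` returns the verdict for each of the three cases; rewriting the origin inside a captured response does not help, because the signature no longer matches the edited data.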
  2. Mendel Leisk

    In the last office building I was working in, if you ran up the stairwell to go up a floor or two, you needed to tap your passcard to release the door to get onto the floor. More than a few times I found myself reaching for my cellphone. Maybe on to something?
     
  3. Rmay635703

    My phone was used remotely to log into a fraudulent account while I was asleep to make unauthorized purchases on my CC at a site I’d never been to.
    (I don’t use my phone or CC to buy anything online)

    Many CCs already use your IP to identify you and the type of fraud above is not only hard for them to detect,
    they will try to force liability for it on the card holder.
     
  4. Prodigyplace

    Some of us authenticate (& authorize) ourselves at more than websites. For example, networks, computer & server OSs and other equipment without optical or RF sensors.

    Technically, we authenticate to our Prius with the Key Fob.

    Not everything is Internet connected either. The most secure things are not connected to the public Internet.
     
    #4 Prodigyplace, Apr 10, 2018
    Last edited: Apr 10, 2018
  5. wfolta

    Cool way to look at it: the Prius has an ultra-low-res fingerprint reader on the door handles, but it's two-factor and also requires the Key Fob.
     
  6. Prodigyplace

    FHOP Learning Time!!

    AAA Authentication in the Prius

    Authentication - Who are you?

    Authorization - What are you permitted to do?

    Accounting - What did you do?

    The Prius Authenticates the fob as a trusted device. The Prius then Authorizes it to enter and start the car. While in operation, the Prius stores miles traveled, fuel used, and average speed among other things as Accounting information.
     
  7. vvillovv

    Members
    FIDO Alliance Members: Bringing together an ecosystem - FIDO Alliance
    If those are members of an open standards group, I'll eat my red hat fedora ....
    See also The Open Group

    FIDO Alliance - FIDO Alliance

    extra points: What is SystemD -ebug

    super duper extra points
    Facebook to send Cambridge Analytica data-use notices to 87 million users Monday
    and another / quote
    The Outline
    There's plenty more where that came from.
     
    #7 vvillovv, Apr 10, 2018
    Last edited: Apr 10, 2018
  8. KennyGS

    I have a few sites, including work sites, where I've had to key in a code that's sent to my phone. Been doing this for at least a year.
     
  9. VFerdman


    This has been so long overdue! Passwords are some of the worst security measures in today's world. I can't wait till they are long forgotten history.
     
  10. Rmay635703

    That works fine unless your phone's hacked
     
  11. KennyGS

    I always access from my computer (laptop), then code to my phone. If someone hacks my phone for the code, then how do they get into my account without the password also?
     
  12. vvillovv

    I doubt many will forget the password password and key 1234
     
  13. William Redoubt

    That scheme is inherently insecure. SMS messages are sent in plain text.
     
  14. vvillovv

    it's a phone - do you need to say anything else?

    I hear something whispering about iOS crypto in my background.
     
  15. pilotgrrl

    That's funny, I'm firing up Airsnort...
     
  16. Lucifer

    Apple is currently using password to phone login.
    The Social Security Administration is also.
     
  17. vvillovv

    hope ya can read dem dare logs
     