[BITList] For our Apple friends

franka franka at iinet.net.au
Mon Jan 9 13:24:54 GMT 2012 

As we get older its possible this could come handy
frank


Have you ever forgotten the login password on your MacBook?

Forgot password hint

Fortunately, there's an option to receive a hint reminding you of what 
your password might have been.

Which is terrific, unless - of course - someone else is able to work out 
your password from that hint. Someone like, for instance, the guy who 
has just stolen your MacBook.

TARDIS. Bigger on the inside than the outside..Let me give you an 
example. Imagine my password was "Doctor Who". Admittedly, it's not a 
very good password - but we know many people don't choose passwords wisely.

And imagine that my password reminder hint was "The greatest TV show 
ever broadcast".

Anyone who stole my laptop might be able to guess my password from the 
hint, or discover my love of "Doctor Who" via the breadcrumbs of 
evidence I've left across various message boards over the years.

Apple believes that many people choose "either not to use a password at 
all or to use a trivial password" because they worry about losing access 
to the computer if they forget their password.

And that's a problem.

MagsafeThe New Scientist has uncovered 
<http://www.newscientist.com/blogs/onepercent/2012/01/forgotten-your-password-ask-yo.html> 
a new patent from Apple that shows how a power cable could help users 
access their computing devices when they forget their passwords - and 
perhaps improve security.

Specifically, the patent 
<http://www.pat2pdf.org/patents/pat20120005747.pdf> aims to stop thieves 
of laptops, iPads and iPhones gaining unauthorised access to the 
portable computing devices.

The patent notes that although such devices are commonly stolen, thieves 
rarely also steal cables (perhaps because the owner of the device hasn't 
taken the power adapter out with them - let's face it, the battery life 
on the iPad is so good that you may not have to lug a power lead around 
with you.)

Apple's idea is that a memory chip on your power charger could store 
information about your password - such as, for instance, an encrypted 
version of your password reminder hint.

That way, if you've forgotten your password you could just plug your 
laptop into the wall, to receive the secret password hint.

Plug in for a password

That all sounds kind of neat, so long as the bad guys don't steal your 
power adapter alongside your computing device. And it would mean that 
rather than the current scenario of anyone who stumbles across my laptop 
being able to see my "greatest TV show ever broadcast" password hint, 
only those who have my power cable will know.

It's not a lot of extra security, but it would make life somewhat 
trickier for opportunistic thieves.

Patent showing Apple cable helping with password recovery

Security is boosted further by another idea in the patent, which would 
require authentication from a network server before the password hint is 
served up. I can imagine, for instance, that the network server segment 
of the password reminder might only be delivered if the user has 
instructed Apple (perhaps via their Apple ID?) that they are attempting 
to recover their computer's password - something you wouldn't do if the 
device were in the hands of a thief.

What impressed me a little less were some of the other scenarios Apple 
describes in its patent. For instance, they detail how the technology 
could be used not just to provide a password reminder hint but to 
actually recover the password itself.

Password retrieved by plugging in a cable

That could make it child's play for someone sharing your house, or with 
access to your office, to break into your plugged-in laptop and cause 
mischief. No password guessing required!

Presumably Apple has included these less secure implementation methods 
to widen the scope of their patent, rather than because they think they 
are particularly sensible without additional authentication.

The patent goes into much more detail 
<http://www.pat2pdf.org/patents/pat20120005747.pdf> - explaining, for 
instance, that password information could be stored not just on power 
cables, but any type of peripheral device associated with the computer - 
your printer, an external monitor or a wireless router, for instance.

Whether we'll ever see Apple incorporating this technology into their 
products remains to be seen. But as battery performance improves in 
computing devices, there might be an increased attractiveness in needing 
more than the laptop, smartphone or iPad itself to be reminded of your 
password hint.

As Apple says, "If password recovery can be provided in a convenient 
way, then the user is more likely to use a password, and protection will 
be increased."

So, look forward to a possible future where you have to keep an eye on 
your power cable as well as your laptop.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0001.shtml 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: forgot-password.jpg
Type: image/jpeg
Size: 97040 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0006.jpg 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tardis-icon-170.jpg
Type: image/jpeg
Size: 17156 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0007.jpg 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: magsafe-170.jpg
Type: image/jpeg
Size: 10442 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0008.jpg 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: password-plug-in1.jpg
Type: image/jpeg
Size: 32089 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0009.jpg 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apple-password-cable.jpg
Type: image/jpeg
Size: 22625 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0010.jpg 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: password-retrieved.jpg
Type: image/jpeg
Size: 21721 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0011.jpg

More information about the BITList mailing list