[BITList] For our Apple friends
franka
franka at iinet.net.au
Mon Jan 9 13:24:54 GMT 2012
As we get older its possible this could come handy
frank
Have you ever forgotten the login password on your MacBook?
Forgot password hint
Fortunately, there's an option to receive a hint reminding you of what
your password might have been.
Which is terrific, unless - of course - someone else is able to work out
your password from that hint. Someone like, for instance, the guy who
has just stolen your MacBook.
TARDIS. Bigger on the inside than the outside..Let me give you an
example. Imagine my password was "Doctor Who". Admittedly, it's not a
very good password - but we know many people don't choose passwords wisely.
And imagine that my password reminder hint was "The greatest TV show
ever broadcast".
Anyone who stole my laptop might be able to guess my password from the
hint, or discover my love of "Doctor Who" via the breadcrumbs of
evidence I've left across various message boards over the years.
Apple believes that many people choose "either not to use a password at
all or to use a trivial password" because they worry about losing access
to the computer if they forget their password.
And that's a problem.
MagsafeThe New Scientist has uncovered
<http://www.newscientist.com/blogs/onepercent/2012/01/forgotten-your-password-ask-yo.html>
a new patent from Apple that shows how a power cable could help users
access their computing devices when they forget their passwords - and
perhaps improve security.
Specifically, the patent
<http://www.pat2pdf.org/patents/pat20120005747.pdf> aims to stop thieves
of laptops, iPads and iPhones gaining unauthorised access to the
portable computing devices.
The patent notes that although such devices are commonly stolen, thieves
rarely also steal cables (perhaps because the owner of the device hasn't
taken the power adapter out with them - let's face it, the battery life
on the iPad is so good that you may not have to lug a power lead around
with you.)
Apple's idea is that a memory chip on your power charger could store
information about your password - such as, for instance, an encrypted
version of your password reminder hint.
That way, if you've forgotten your password you could just plug your
laptop into the wall, to receive the secret password hint.
Plug in for a password
That all sounds kind of neat, so long as the bad guys don't steal your
power adapter alongside your computing device. And it would mean that
rather than the current scenario of anyone who stumbles across my laptop
being able to see my "greatest TV show ever broadcast" password hint,
only those who have my power cable will know.
It's not a lot of extra security, but it would make life somewhat
trickier for opportunistic thieves.
Patent showing Apple cable helping with password recovery
Security is boosted further by another idea in the patent, which would
require authentication from a network server before the password hint is
served up. I can imagine, for instance, that the network server segment
of the password reminder might only be delivered if the user has
instructed Apple (perhaps via their Apple ID?) that they are attempting
to recover their computer's password - something you wouldn't do if the
device were in the hands of a thief.
What impressed me a little less were some of the other scenarios Apple
describes in its patent. For instance, they detail how the technology
could be used not just to provide a password reminder hint but to
actually recover the password itself.
Password retrieved by plugging in a cable
That could make it child's play for someone sharing your house, or with
access to your office, to break into your plugged-in laptop and cause
mischief. No password guessing required!
Presumably Apple has included these less secure implementation methods
to widen the scope of their patent, rather than because they think they
are particularly sensible without additional authentication.
The patent goes into much more detail
<http://www.pat2pdf.org/patents/pat20120005747.pdf> - explaining, for
instance, that password information could be stored not just on power
cables, but any type of peripheral device associated with the computer -
your printer, an external monitor or a wireless router, for instance.
Whether we'll ever see Apple incorporating this technology into their
products remains to be seen. But as battery performance improves in
computing devices, there might be an increased attractiveness in needing
more than the laptop, smartphone or iPad itself to be reminded of your
password hint.
As Apple says, "If password recovery can be provided in a convenient
way, then the user is more likely to use a password, and protection will
be increased."
So, look forward to a possible future where you have to keep an eye on
your power cable as well as your laptop.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0001.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: forgot-password.jpg
Type: image/jpeg
Size: 97040 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0006.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tardis-icon-170.jpg
Type: image/jpeg
Size: 17156 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0007.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: magsafe-170.jpg
Type: image/jpeg
Size: 10442 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0008.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: password-plug-in1.jpg
Type: image/jpeg
Size: 32089 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0009.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apple-password-cable.jpg
Type: image/jpeg
Size: 22625 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0010.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: password-retrieved.jpg
Type: image/jpeg
Size: 21721 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/fd91b70e/attachment-0011.jpg
More information about the BITList
mailing list