Bitcoin Forum

Other => Off-topic => Topic started by: hazek on December 01, 2012, 09:30:17 PM



Title: Passwords and security
Post by: hazek on December 01, 2012, 09:30:17 PM
Did anyone read http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/ and what did you think of it?


Title: Passwords and security
Post by: hazek on December 01, 2012, 09:49:51 PM
Did anyone read http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/ and what did you think of it?

I never liked the idea of login with Facebook or Google or Twitter account on other websites. Yet so many embraced it.  :P

Yeah me neither. I too would prefer a hardware solution.


Title: Re: Passwords and security
Post by: casascius on December 01, 2012, 10:26:51 PM
Not too long ago I took a class on the Scrum agile development methodology.  In the class we were split into four groups, and as each group, were supposed to pretend we were starting a company and come up with the idea for a product that this company could market.

In my group, I proposed that our "company" should produce a portable authentication device meant to serve as a password replacement for getting on to websites.  When asked to describe how this device might work, I simply recited a list of features one might expect such a device to have... (my hypothetical device included the ability to create "relationships" with websites, the ability to read QR codes as an input method, emulate a USB keyboard as an output method like yubikeys do, and provide a means to make encrypted backups to an SD card)... all stuff that I had thought of in advance, and stuff that any designer of such a device would consider as typical.

Next, we were supposed to come up with some roadmap as to how to break the design lifecycle of our product into useful stages that could be planned into sprints and cycles.  The only difference between mine and everyone else's is that mine was totally realistic, owing only to the fact that I had thought about wanting such a thing to exist in advance, long before ever considering the class, and having some familiarity with leading development teams, since I do that as my regular job.

My suggestion was no more brilliant than threads we see on the forum today, like Slush's hardware wallet proposal, however, I was viewed as some sort of genius and the instructor himself was like "uh, you should go into business and make that."

Needless to say, I don't view myself that way - the only thing different about me versus everybody else in the room is that I have a hobby-level interest in crypto and came into the room familiar with a real world problem that remains unsolved, and everybody else in the room does not and did not.  Meanwhile, each one of them could benefit from applications based on crypto, could clearly see that when the proposed solution was described to them bit-by-bit over a two-day period.  That's half the problem - there's not enough human bridges in the world to close the understanding gap that keeps this from happening overnight and help the world know to demand what it really needs.


Title: Re: Passwords and security
Post by: hazek on December 01, 2012, 10:44:10 PM
Actually if you had built it and it really worked on the plug&play level I think it would sell itself.. Don't make the classic mistake of thinking demand has to come before production. I bet if you could build a working prototype and give kickstarter type funding a shot you'd get enough money that could get you going.


Title: Re: Passwords and security
Post by: casascius on December 01, 2012, 10:51:09 PM
Actually if you had built it and it really worked on the plug&play level I think it would sell itself.. Don't make the classic mistake of thinking demand has to come before production. I bet if you could build a working prototype and give kickstarter type funding a shot you'd get enough money that could get you going.

I totally could, other than it's just a matter of focus.  I've got other good projects going on at the same time.

I am also convinced it is ultimately merely a software solution.  There is already good hardware that meets nearly all of these existing needs, namely, obsolete cell phones that people throw away every day.  I don't understand why we endeavor to invent this as a new piece of hardware, when someone could go take a Motorola Razr, disable the cellular radio, retrofit it for this purpose with new firmware, use its camera to read QR and use bluetooth keyboard emulation as the output, put it in a box, and ship it.


Title: Re: Passwords and security
Post by: hazek on December 01, 2012, 10:58:30 PM
Well from the consumers point of view it eventually has to be cheap and super easy to use.


Title: Re: Passwords and security
Post by: Fcx35x10 on December 07, 2012, 12:27:31 AM
it could be adaptable


Title: Re: Passwords and security
Post by: Phinnaeus Gage on December 07, 2012, 02:14:05 AM
And herein lies somebody's agenda?

Quote
The only way forward is real identity verification: to allow our movements and metrics to be tracked in all sorts of ways and to have those movements and metrics tied to our actual identity. We are not going to retreat from the cloud—to bring our photos and email back onto our hard drives. We live there now. So we need a system that makes use of what the cloud already knows: who we are and who we talk to, where we go and what we do there, what we own and what we look like, what we say and how we sound, and maybe even what we think.

The above concerns me more than the single password word I've used with everything going on 4-5 years now. The home I live in remains unlocked since day one, the keys to all my vehicles are on their consoles, and two of my lumber warehouses are unlocked.

~Bruno K~