Bitcoin Forum
Author Topic: Passwords and security  (Read 939 times)
hazek (OP)
December 01, 2012, 09:30:17 PM
 #1

Did anyone read http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/ and what did you think of it?

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
hazek (OP)
December 01, 2012, 09:49:51 PM
 #2


Quote
I never liked the idea of login with Facebook or Google or Twitter account on other websites. Yet so many embraced it.

Yeah me neither. I too would prefer a hardware solution.

casascius
Mike Caldwell
December 01, 2012, 10:26:51 PM
 #3

Not too long ago I took a class on the Scrum agile development methodology.  In the class we were split into four groups, and as each group, were supposed to pretend we were starting a company and come up with the idea for a product that this company could market.

In my group, I proposed that our "company" should produce a portable authentication device meant to serve as a password replacement for getting on to websites.  When asked to describe how this device might work, I simply recited a list of features one might expect such a device to have... (my hypothetical device included the ability to create "relationships" with websites, the ability to read QR codes as an input method, emulate a USB keyboard as an output method like yubikeys do, and provide a means to make encrypted backups to an SD card)... all stuff that I had thought of in advance, and stuff that any designer of such a device would consider as typical.

Next, we were supposed to come up with some roadmap as to how to break the design lifecycle of our product into useful stages that could be planned into sprints and cycles.  The only difference between mine and everyone else's is that mine was totally realistic, owing only to the fact that I had thought about wanting such a thing to exist in advance, long before ever considering the class, and having some familiarity with leading development teams, since I do that as my regular job.

My suggestion was no more brilliant than threads we see on the forum today, like Slush's hardware wallet proposal, however, I was viewed as some sort of genius and the instructor himself was like "uh, you should go into business and make that."

Needless to say, I don't view myself that way - the only thing different about me versus everybody else in the room is that I have a hobby-level interest in crypto and came into the room familiar with a real world problem that remains unsolved, and everybody else in the room does not and did not.  Meanwhile, each one of them could benefit from applications based on crypto, could clearly see that when the proposed solution was described to them bit-by-bit over a two-day period.  That's half the problem - there's not enough human bridges in the world to close the understanding gap that keeps this from happening overnight and help the world know to demand what it really needs.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
hazek (OP)
December 01, 2012, 10:44:10 PM
 #4

Actually if you had built it and it really worked on the plug&play level I think it would sell itself. Don't make the classic mistake of thinking demand has to come before production. I bet if you could build a working prototype and give Kickstarter type funding a shot you'd get enough money that could get you going.

casascius
Mike Caldwell
December 01, 2012, 10:51:09 PM
 #5

Quote
Actually if you had built it and it really worked on the plug&play level I think it would sell itself. Don't make the classic mistake of thinking demand has to come before production. I bet if you could build a working prototype and give Kickstarter type funding a shot you'd get enough money that could get you going.

I totally could, other than it's just a matter of focus.  I've got other good projects going on at the same time.

I am also convinced it is ultimately merely a software solution.  There is already good hardware that meets nearly all of these existing needs, namely, obsolete cell phones that people throw away every day.  I don't understand why we endeavor to invent this as a new piece of hardware, when someone could go take a Motorola Razr, disable the cellular radio, retrofit it for this purpose with new firmware, use its camera to read QR and use Bluetooth keyboard emulation as the output, put it in a box, and ship it.

hazek (OP)
December 01, 2012, 10:58:30 PM
 #6

Well, from the consumer's point of view it eventually has to be cheap and super easy to use.

Fcx35x10
December 07, 2012, 12:27:31 AM
 #7

It could be adaptable.
Phinnaeus Gage
December 07, 2012, 02:14:05 AM
 #8

And herein lies somebody's agenda?

Quote
The only way forward is real identity verification: to allow our movements and metrics to be tracked in all sorts of ways and to have those movements and metrics tied to our actual identity. We are not going to retreat from the cloud—to bring our photos and email back onto our hard drives. We live there now. So we need a system that makes use of what the cloud already knows: who we are and who we talk to, where we go and what we do there, what we own and what we look like, what we say and how we sound, and maybe even what we think.

The above concerns me more than the single password word I've used with everything going on 4-5 years now. The home I live in remains unlocked since day one, the keys to all my vehicles are on their consoles, and two of my lumber warehouses are unlocked.

~Bruno K~