Slashdot Mirror
Apple Patents Power Adapter That Recovers Lost Passwords
Sparrowvsrevolution writes "Apple has patented a power charger that also serves as a password recovery backup. If a user forgets his Macbook's password, for instance, he simply plugs in the cord, and it would provide a unique ID number stored in a memory chip in the adapter that acts as a decryption key, unscrambling an encrypted copy of the password stored on the machine. The technique, according to the patent, incentivizes better password use by avoiding traditional password recovery techniques that annoy users and lead to disabled or easily-guessed passwords. The new technique is only secure, the patent admits, in cases where the user leaves a mobile device's charger at home. So the idea may make the most sense for long-battery-life devices like iPods, iPads and iPhones rather than laptops, at least until laptop batteries last long enough that users don't take their power adapters with them and expose them to theft."
Well that's a reasonably stupid idea. Store the password with something many users are going to carry around with their laptop...
And even if you didn't.. you forget your password on the road, then what? And this is less annoying than having to answer a previously entered question?
Kills the 3rd party accessory market. Because you won't be able to get "crypto" power blocks from anyone else. Wanna bet?
I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
Than a normal USB security token? It seems like a power adapter is likely to be taken with the user. A smaller token could be carried on the person of the user. Or you can just write your password on a post-it in your wallet.
The Daddy casts sleep on the Baby. The Baby resists!
Password use *one way* hashing systems for a reason.
Thank you Apple, for once again eliminating desktop security.
Given the number of people I see charging up their smartphones in the office, I'd say the Apple patent people haven't quite grasped that smartphone battery life is a long way from what many people would like.
(Also, given that most non-computer devices like iPhones charge over USB, this seems distinctly less impressive. 'Put some data on some flash memory inside the battery charger' and transmit it over the USB connection hardly requires the kind of ingenuity that sending passwords up a DC power cable to a laptop does.)
why not resign themselves to the fact that users that care about security will use strong passwords and the built in tools already in place to protect themselves and the other 95% will not bother.
Cupertino has started dosing again.
I object to power without constructive purpose. --Spock
Security is only as strong as it's weakest password recovery method.
This whole idea completely forgets that the whole purpose of your password might be to stop you little-brother/offspring/tech-illiterate-housemate (ie: anyone who lives with you) from screwing up your device.
Seriously?
Boot while holding down Apple-S /var/db/.AppleSetupDone
mount -uw /
rm
shutdown -h now
Bam. Administrator access and all the password resetting glory you need thereafter.
I don't even have a Mac and I know how to do it. How fucking easy does it need to be?
-- I wanna decide who lives and who dies - Crow T. Robot, MST3K
As if they need a technical restriction, when they're so heavy handed with the legislative restrictions.
I'd never buy, for example a phone, that didn't have a micro USB charger, or a stereo that had a wacky propitiatory interface like an "ipod dock".
It shouldn't be legal to block or tax 3rd party accessory makers, and what's needed is more forced standards for consumer screwing companies like Apple.
It's only an Apple Tax (same as a Microsoft Tax) if you go that way.
Every time you buy into some proprietary technology you sell a little piece of your soul.
A feeling of having made the same mistake before: Deja Foobar
From TFA: "So the idea may make the most sense for long-battery-life devices like...iPhones"
In what universe is an iPhone a "long-battery-life" device?
Why bother with this at all? You can already enable your Mac accounts to use your Apple ID to log into your Mac. This is in addition to your regular login by the way. If you forget your password you can reset it in the cloud and then use that to re-log in to any device you've setup to allow that type of authentication.
From the Apple Help:
Hmm I can see this being pretty popular if there's an easy way to grab the password. Otherwise you've got the power adapter but no laptop that will be unlocked with it.
I wonder if Apple will also stop chargers from charging any laptop that doesn't have the same password hash?
All the world's a CPU, and all the men and women merely AI agents
All hashes are one way because data is thrown away. You can't even reverse simple checksums like CRC32.
This system doesn't store a plaintext password. It's like a secondary authentication system. Think SSH: You can authenticate using a password OR public key cryptography.
Put another chip in the wall outlet, that will communicate with a charger device using BPL, Data over Powerline, short range communications, RFID, or bluetooth; e.g. a "Password recovery" agent installed in a device somewhere else in the home plugged into another wall outlet, or built in to the outlet itself. wireless AP, linksys box, NAS, TVs, other home appliances would be good candidates to form a BPL-enabled self-organizing P2P network for facilitation of password recovery and theft prevention.
Some of the devices could incorporate a GPS location reading. If the device's location has changed significantly, then it is less familiar.
When the user logs into their computer, and authenticates, there will be a program they run on their computer to cause the power unit to "learn" which will scan the BPL or bluetooth for other devices.
Require the presence of other "familiar" home devices, for the password recovery procedure to be initiated.
This could also help if the charger got damaged or lost... just plug a new one in, enter the "House PIN #", and have it build the same shared secret key based on the identities of the familiar devices surrounding it that have an agreed upon shared key.
Also, high theft-risk non-mobile devices could enter an auto-lockdown mode, if powered on and no "familiar devices" are around.
All it took is sticking a PostIt note on the side. Can I now patent moving the sticky to the inside of my closet, where it will be more secure from friends and allow me to take the charger for travel?
The more junk they cram in the power adapters, the harder it is for 3-rd party companies to make copies without Apple's consent.
It was worthless before and it's still worthless now. I'm not even upset that they patented this trivial and non-novel idea.
"When information is power, privacy is freedom" - Jah-Wren Ryel
I keep hearing this about patents.
If it's trivial and non novel then why is no one doing it or previously put a patent on it?
It's not trivial or non-novel. it's just not being done.
Non impediti ratione cogitationus.
It's only an Apple Tax (same as a Microsoft Tax) if you go that way.
Every time you buy into some proprietary technology you sell a little piece of your soul.
OK ... good luck building your own non-proprietary car, TV, computer hardware, etc.
If it's trivial and non novel then why is no one doing it or previously put a patent on it?
Well apart from the fact that this particular idea is stupid (thus, nobody doing it), sometimes things just luckily don't get patented, like "fuel cells on a computer" and "fuel cells on a cell phone" which were both shockingly not patented up until this year. Somehow even among swarms of lawyers, a few conceivable ideas go unpatented sometimes. Shocking, I know.
This idea is both trivial (passing data to a power adapter which attaches to a port that can also pass data? Wow not like half the USB-charged devices on the planet do that!) and non-novel (acts as a security key like the metric shit-tons of USB fobs that have been on the market over the last decade).
"When information is power, privacy is freedom" - Jah-Wren Ryel
You miss the point of the patent. It's to prevent other people from doing something which reads on their invention. Not necessarily to implement it themselves.
That said, Apple will probably use this, but I doubt they will turn this into their default and only password recovery method. More likely, it will be an (expensive) optional add-on. This is direct in-house competition to all the crazy ways third parties offer to keep passwords secure for the Windows environment.
You have taken a patent and assumed how it will be implemented, and attacked that. Pretty much your basic strawman argument.
wrong. at least this time ;)
lots of good reasons for apple to do this. they want you to continue to use apple hardware and they have a lock-in effect going on. other than that mag-lock stuff, a power brick was a power brick. batteries are starting to be chipped/locked, but so far, I've not seen power sources be locked.
I bet we'll see that soon, though.
also, apple did this because they could, not because its a strikingly good idea for the world. you *can* send data comms along a power path and double-up on it. you *can*. but is there a good reason to? there sure is value in keeping power sources somewhat dumb. they push power (current) at you at a fixed voltage or voltage set. no need to crypto-up that path!
I bet there is also a patent defense plan here. anyone who wants to 'talk' along that path will probably get hit with an apple patent threat-suit, legit or not.
it does seem like a dumb idea, overall; but apple is getting a few things from this. its not about users. heh - lately, nothing is ever about the users (benefit).
--
"It is now safe to switch off your computer."
It's actually quite a good idea. If you forget your password you're not screwed, since you can unlock your device when you get home.
It's a good idea if you want joke security, and the passphrase screen most phones have is poor enough. I hope they won't allow this authentication method to bypass any full-disk encryption. It will be common knowledge among thieves and black hats that you can unlock an iShiny using the included power adapter that's usually plugged into the device when it's laying around. What could possibly go wrong?
"When information is power, privacy is freedom" - Jah-Wren Ryel
This is not a patent, this is an application publication. You can tell because it says "pub no" in the upper right corner instead of "patent no". For reference:
Link to publication from TFA
Link to a real patent (believe it or not)
TFA author can't tell the difference, which is incredibly obvious once you know what you're looking for. And a lot of applications never become a patent.
Now that the application has published, anyone who knows of any prior art might be able to let the patent office know about it if this application isn't examined before the new law kicks in September 16 this year. See the America Invents Act, section 8 (starts bottom of page 32).
This post expresses my opinion, not that of my employer. And yes, IAAL.
Ahh good, so if I'm traveling and take my laptop (a nice 17" MBP), I have to take a different power cable, because if I don't, someone can just use my power cord to get into my accounts. Since the only time I use my laptop is when I'm traveling, that effectively makes the power cord that came with it useless, and I get to pony up another $80 for proprietary Apple power cord.
The only way this wouldn't be a negative feature for me would be if it were entirely optional. Otherwise it makes my purchase *worse*.
Put it on a $2 USB dongle that I never have any reason to take *anywhere*. That actually makes sense.
--Jeremy
Jesus was a liberal