Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Internet of Things Is the Password Killer We've Been Waiting For

Posted by samzenpus on from the end-of-the-line dept.

jfruh writes: You can't enter a password into an Apple Watch; the software doesn't allow it, and the UI would make doing so difficult even if it did. As we enter the brave new world of wearable and embeddable devices and omnipresent 'headless' computers, we may be seeing the end of the password as we know it. What will replace it? Well, as anyone who's ever unlocked car door just by reaching for its handle with a key in their pocket knows, the answer may be the embeddable devices themselves.

8 of 124 comments (clear)

  1. I'm working on apps without passwords by GoodNewsJimDotCom · · Score: 2, Insightful

    In the app, you're always logged in once you register. Yes, I know it is a security breach, but so is losing your stupid phone.

    You enter your email to register. And if you ever change phones, you simply do what is commonly known as a "password recovery", but don't actually get a password, you just get perma logged in.

    Here's a secret for people who deal with hackers: Have the app generate a keygen unique to the phone: Time stamp it, time stamp it again on the first click, get the X/Y position, and you have a pretty unique code. Keep that code permanently with the installed app, so if they're banned and forget to uninstall your app, they're banned again. Also this key could be used to login automatically without even registering! But if they ever want to recover their account if they lose their phone, they should enter their email in the settings.

    --
    God spoke to me
    1. Re:I'm working on apps without passwords by AuMatar · · Score: 4, Insightful

      ANd if they want to use their account on multiple devices? On their actual PC? On a PC at a firend's house or library?

      And email recovery- laughable. If they lost their phone, which was almost definitely logged into their email, then they've lost everything.

      Please name your apps, so I can be sure never to use them.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    2. Re: I'm working on apps without passwords by Anonymous Coward · · Score: 2, Insightful

      Why would it be a failure? It's actually a pretty elegant security design that for example the GMail app uses as well by default:

      Attackers on other systems or from other apps cannot get to the password. This covers 99% of the risk.

      There's a residual risk: if other apps can break their jail to root mode, or if your system is remote exploitable - but in those cases you are likely hosed no matter what, and requiring password entry won't eliminate those threats.

      The best security design is the one that does not get in the way of productivity.

    3. Re:I'm working on apps without passwords by linuxrocks123 · · Score: 4, Insightful

      Dude, he's not running a f*cking bank. He's obviously talking about a system for some phone toy like Angry Birds. Do you care if I can get into your Angry Birds account? Probably not much.

      He's describing a system that is good enough for phone toys and things that require similarly low security. Like apparently Slashdot, which lets you perma-login with a browser cookie and redirects https to http rather than the other way around.

      --
      vi ~/.emacs # I'm probably going to Hell for this.
  2. RFID tags, obviously by penguinoid · · Score: 3, Insightful

    Just implant yourself with an RFID tag. As a bonus, it will also reduce the chance that a surveillance camera misidentifies someone as you.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  3. True, in a sense... by fuzzyfuzzyfungus · · Score: 4, Insightful

    In the sense that both 'the internet of things' and 'passwords' can be described as "an egregiously maldesigned and actively user-hostile security clusterfuck; typically bodged together by people who don't know, don't care, or both", I suppose that 'IoT' would be a worthy successor.

    In all other respects, what a load of tedious, meandering, bullshit to arrive at some vacuous generalities about a vaguely described non-solution.

    1. Re:True, in a sense... by gstoddart · · Score: 3, Insightful

      Yeah, the IoT is a lightweight proof of concept which nobody yet knows what to do with but are otherwise hoping catches on because it really sounds cool.

      The problem with being a lightweight proof of concept is there is pretty much zero security in them thus far.

      Derpa derp, internet of things, this is people spitballing about what it might be if it ever comes to pass.

      The internet of things isn't even as far as being a solution in search of a problem. It's a construct desperately trying to become real enough to try to have a solution in search of a problem.

      The only people who care about the internet of things are the people trying to tell us how awesome the internet of things will be.

      Using it for security? Not bloody likely.

      --
      Lost at C:>. Found at C.
  4. Not Looking Forward To This by Anonymous Coward · · Score: 1, Insightful

    I'm not looking forward to a world where computers are everywhere and in everything. It's bad enough every moron has a mobile phone stuck in their face whilst they walk. I don't want my stove talking to the fridge. I don't want reminders from the fridge the milk is low. I don't want my toaster sending illegal packets to Yahoo! and then getting blacklisted. No. Simply no.

    I want to use computers a tool when I want. I want to have to walk over to one like I do in my living room. I don't a world like Star Trek where I ask the computer stuff whilst I walk along. I like being human with all the constraints that come with being human. We can take this too far if we allow it.