Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Devise 2FA System That Relies On Taking Photos of Ordinary Objects (bleepingcomputer.com)

Posted by EditorDavid on from the confirmation-Kodak dept.

An anonymous reader quotes Bleeping Computer: Scientists from Florida International University and Bloomberg have created a custom two-factor authentication (2FA) system that relies on users taking a photo of a personal object. The act of taking the photo comes to replace the cumbersome process of using crypto-based hardware security keys (e.g., YubiKey devices) or entering verification codes received via SMS or voice call. The new system is named Pixie, and researchers argue it is more secure than the aforementioned solutions.

Pixie works by requiring users to choose an object as their 2FA key. When they set up the Pixie 2FA protection, they take an initial photo of the object that will be used for reference. Every time users try to log into their account again, they re-take a photo of the same object, and an app installed on their phone compares the two photos... In automated tests, Pixie achieved a false accept rate below 0.09% in a brute force attack with 14.3 million authentication attempts. An Android app is available for testing here.

82 of 138 comments (clear)

  1. cumbersome process of using crypto-based hardware by ChoGGi · · Score: 4, Interesting

    I go on the website I like and press a button on my yubikey, that seems easier then whipping out my phone and taking a picture every time...

    Probably why I setup my yubikey to also take care of my Steam login (instead of whipping out my phone).

  2. Parts of the body? by cervesaebraciator · · Score: 4, Funny

    the system doesn't restrict users and they can choose anything they want as their login trinket, from their watch to parts of their body

    Well, now we know what every guy will use.

    1. Re:Parts of the body? by Tablizer · · Score: 4, Funny

      Siri: "Sorry, that object is too small to use for identification purposes."

      --
      Table-ized A.I.
    2. Re:Parts of the body? by theskipper · · Score: 1, Redundant

      That's what I'll be using. But only if the algorithm can handle pictures that must be taken in panoramic mode.

    3. Re:Parts of the body? by sit1963nz · · Score: 1

      So THAT was what Anthony Weiner was doing, just trying to log into his phone. I can see how the mistake was made...

    4. Re:Parts of the body? by sit1963nz · · Score: 2

      Cold days may be a problem too...

    5. Re:Parts of the body? by PPH · · Score: 1

      Too many pictures of that out on the Internets already.

      --
      Have gnu, will travel.
    6. Re:Parts of the body? by Kjella · · Score: 1

      Cold days may be a problem too...

      If you try to authenticate outside in public that might be the least of your problems...

      --
      Live today, because you never know what tomorrow brings
    7. Re:Parts of the body? by jrumney · · Score: 1

      Well, now we know what every guy will use.

      Just make sure you don't misplace it.

    8. Re:Parts of the body? by FelixLaPubelle · · Score: 1

      Just post a drawing of a dick. As long as it has the ball hairs, it's got to be you.

    9. Re:Parts of the body? by Big+Hairy+Ian · · Score: 1

      Well, now we know what every guy will use.

      Now I need to get an erection every time I want to log in

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    10. Re:Parts of the body? by LesserWeevil · · Score: 1

      'Carlos Danger' now has an alibi of sorts. "But judge, I was just trying to do multi factor identification.. honest.."

    11. Re:Parts of the body? by cervesaebraciator · · Score: 1

      And here I thought you were referring to Archie.

  3. Re:cumbersome process of using crypto-based hardwa by 93+Escort+Wagon · · Score: 4, Insightful

    Not to mention that, whatever the object is, you’ve got to have it with you at all times - so pick carefully!

    --
    #DeleteChrome
  4. Re:cumbersome process of using crypto-based hardwa by rmdingler · · Score: 5, Funny

    Not to mention that, whatever the object is, you’ve got to have it with you at all times - so pick carefully!

    Right, perhaps a picture of your face or fingerprint, for example.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  5. Interesting, but... by YukariHirai · · Score: 2

    A low false accept rate is all well and good, but what's the false deny rate like? Also, I'm a bit dubious on tying authentication to a specific physical object. For all the problems with SMS 2FA, at least if something happens to my phone, I can replace it and it doesn't impact what I can and can't get into. If my authentication object gets lost or damaged, then what? "You can use a body part as your object," they say. Right, because nothing disfiguring can ever happen to those, they don't naturally change over time, and no-one's ever lost a body part.

    1. Re:Interesting, but... by gl4ss · · Score: 2

      the actual problem is that at least from the blurb the "app" compares the images.

      that's right, the app itself. not the 2fa authority ? this would be a huge problem..

      --
      world was created 5 seconds before this post as it is.
    2. Re:Interesting, but... by Calydor · · Score: 1

      Either the app tests it, in which case just the encrypted confirmation to the server needs to be broken, or the app sends tons of images to the server - and considering how big the images are on some cell phones, and only getting bigger, that'll eat through your data plan pretty quickly. Imagine having to upload 10 MB (maybe multiple times due to bad lighting, shaking hand or the like) just to log into Facebook.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    3. Re:Interesting, but... by TheRaven64 · · Score: 1

      There's no good way of doing this. Either the app compares them, in which case it's basically a U2F token where instead of pressing a button (optionally a fingerprint reader) you take a photo, which is a step backwards in usability, or the server compares them, in which case anyone who takes a photo of the object can now log in remotely without access to the thing.

      --
      I am TheRaven on Soylent News
    4. Re:Interesting, but... by kd3bj · · Score: 1

      The article gives a False Reject Rate of 4.25%, which I thought was annoyingly high. It seems they tuned their threshold to push down the false accept rate to 0.02% and just accepted the annoying FRR.

  6. Re:cumbersome process of using crypto-based hardwa by 93+Escort+Wagon · · Score: 4, Funny

    Wish I’d thought of that - I used my pet Boa Constrictor.

    --
    #DeleteChrome
  7. someone must have shit this out while drunk by gravewax · · Score: 4, Insightful

    This sounds like a completely brain dead idea. seriously how many objects around that people have with them everyday that you can guarantee are unique? not to mention the action of taking the photo basically reveals your 2FA to anyone in the vicinity.

    1. Re:someone must have shit this out while drunk by plopez · · Score: 1

      credit cards and drivers licenses come to mind :)

      --
      putting the 'B' in LGBTQ+
    2. Re:someone must have shit this out while drunk by gravewax · · Score: 1

      So basically something that is predictable, easily copied/faked and easily obtained from the user.

    3. Re:someone must have shit this out while drunk by duke_cheetah2003 · · Score: 1

      credit cards and drivers licenses come to mind :)

      Just your wallet itself might be good enough.

    4. Re:someone must have shit this out while drunk by plopez · · Score: 1

      No to mention uploading lots of personal information and spewing it across wifi on a regular basis ;)

      --
      putting the 'B' in LGBTQ+
    5. Re:someone must have shit this out while drunk by plopez · · Score: 2

      I'd have to get me wife to let me borrow it from time to time. ;)

      --
      putting the 'B' in LGBTQ+
    6. Re:someone must have shit this out while drunk by Darinbob · · Score: 1

      My guess is that this is not for casual use. Does a phone need that level of security? If you're not the president, then no. If you store passwords to other accounts on your phone, then there are other security actions that should be taken before 2FA. Put the 2FA on your bank account, not your social media.

    7. Re:someone must have shit this out while drunk by JonnyCalcutta · · Score: 1

      I don't have a mother so good luck with that Mr Hacker.

    8. Re:someone must have shit this out while drunk by TheRaven64 · · Score: 1

      It's worth noting that this was published in Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies. This is a brand-new journal, so all submissions are likely to be either bad work that can't get published anywhere else, from people who are submitting some of their second-rate work to help the journal get established, or from people who are betting that it will become well-known later and so submit something there in the hope that they'll retroactively end up with a prestigious publication. The total citation count for the entire journal is 5, currently.

      More importantly, it's a paper about a security technique that wasn't sent to a security venue. IEEE Security and Privacy now does a rolling submission and EuroS&P has just sent out the first round of reviews. Anyone with a really good security idea will have sent it to one of these venues. There are then a bunch of second-tier (but still respected) conferences where you'll get good reviews. This paper was carefully sent to a venue that was unlikely to have any reviewers with a background in security.

      None of this necessarily means that it's bad work: sometimes you get really good people at institutions that have no background in a particular field submitting work to the wrong kind of venue because they don't know any better. Unfortunately, this doesn't appear to be one of these cases.

      --
      I am TheRaven on Soylent News
    9. Re:someone must have shit this out while drunk by tsqr · · Score: 1

      credit cards and drivers licenses come to mind :)

      Both of these expire and get replaced periodically. And if a credit card is misplaced, the replacement has a new number.

    10. Re:someone must have shit this out while drunk by TheRaven64 · · Score: 1

      It's often problematic when you get work that's slightly outside the scope of competence for the publication. This is particularly common for security-related things. Most of the top conferences and journals have at least one person that they can ping to get a sensible opinion about security-related things. I often get security papers to review for a couple of computer architecture venues, because the set of people that know enough to have plausibly sensible opinions about things that overlap both is pretty small (and gets much smaller when you throw in compilers, which can be difficult when you need to find a non-conflicted reviewer). The Dunning-Kruger Effect is just as common in academia, so you'll often see reviews from someone with no security background on such a paper marking their confidence in their review as 'high' and be able to spot 5 easy attacks that completely by the time you get to page 2. My general view when I review these is that my knowledge of security is fairly small, and if I can tell your system is stupid then it's really stupid. Fortunately, I work with enough people that actually know about security that I can generally get a good answer about whether a security claim is at least broadly plausible.

      --
      I am TheRaven on Soylent News
  8. Re:nudies by Anonymous Coward · · Score: 2, Funny

    free willy !

  9. Re:Take a picture of President Trump by Tablizer · · Score: 1

    Hair today, gone tomorrow.

    --
    Table-ized A.I.
  10. my dogs are not ordinary by turkeydance · · Score: 1

    guess i have to pick something else. their leashes?

  11. "a personal object" by bistromath007 · · Score: 1

    dildos

    their entire server is full of pictures of dildos

    1. Re:"a personal object" by sit1963nz · · Score: 1

      Or a New Zealand Poltician http://www.nzherald.co.nz/nz/n...

  12. Two Questions by techdolphin · · Score: 1

    I have some questions about this.

    What happens if I lose the object or need to change the object I use for authentication? If I use my watch, what happens when I lose my watch or need to get a new watch for some reason? Can the picture be changed?

    If the authentication takes place locally, could malware be downloaded that defeats the authentication?

  13. Re:Take that HR dept by PPH · · Score: 1

    Hey look! Pictures of my junk.

    --
    Have gnu, will travel.
  14. The numbers don'r stack up by BeerCat · · Score: 1

    The summary states "a false accept rate below 0.09% in a brute force attack with 14.3 million authentication attempts."

    So, in that 14.3 million attempts, they still got in 12,870 times.

    --
    "She's furniture with a pulse"
  15. Re:cumbersome process of using crypto-based hardwa by Anonymous Coward · · Score: 1

    "whatever the object is, youâ(TM)ve got to have it with you at all times - so pick carefully!"

    Just take a picture of your phone.

  16. Uh by Anonymous Coward · · Score: 1

    In automated tests, Pixie achieved a false accept rate below 0.09% in a brute force attack with 14.3 million authentication attempts.

    14,300,000 x 0.09% = 12,870. How can it be said that a form of authentication is secure when it only requires less than 10,000 guesses before it flubs and accepts a false response.

  17. only 0.09% false positive. by viperidaenz · · Score: 2

    Their actual test says 4.5% false reject rate.
    They also say only 78% of people were able to successfully use their app to make an authentication.

    Needs some work.

  18. Re:cumbersome process of using crypto-based hardwa by JustAnotherOldGuy · · Score: 3, Insightful

    Not to mention that, whatever the object is, you’ve got to have it with you at all times - so pick carefully!

    This was the first thing that popped into my mind...what magical object must I always have available that isn't susceptible to being lost or stolen? And the answer is ....nothing.

    If the object is always available to be photographed, it must always be with you, no? And if it's always with you then it could get lost or stolen.

    I don't see how this is a solution to anything, frankly.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  19. Re: cumbersome process of using crypto-based hardw by Anonymous Coward · · Score: 3, Funny

    But then you would have to carry another phone to take a phone picture of your phone.

    Better yet, a mirror is less expensive, take a phone picture of your own phone.

    But what if others discover you authenticate with a phone picture of your phone? They could take a phony phone picture of a phone and blast! Phoned again!

    Phones!

  20. I like it by duke_cheetah2003 · · Score: 1

    Instantly made me think of Inception and the concept of a totem. So it's some personal trinket.

    In the absence of anything else good, I do like it. It's something you create (hopefully?), so I love that it has that aspect, so it should be as unique as you decide to be.

    It still has the disadvantage of being something someone else can take from you, or you can lose, but as one part of 2FA, having it taken shouldn't be much of an issue. Loss of the item really depends on how difficult it would be to replace.

    It is somewhat annoying that difficulty to replace the item directly correlates to it's usefulness as a unique totem. Optimally, your totem should be something you make yourself, and could recreate with relative ease, with minimal tools. Maybe everyone should take up enough wood carving to make their own unique little carvings. I think that'd actually be kinda neat.

  21. If you want this to catch on by duke_cheetah2003 · · Score: 1

    ...Be sure it's not just for smartphones. Throw PC and laptop users a bone too, make it so we could use a webcam on our PC/laptop to 'see' the object for usage in 2FA. OK? Good idea.

  22. False accept rate by Jim+Fenton · · Score: 1

    "has a false accept rate of only 0.09%"

    So that's about a 1/1000 false accept rate against a brute force attack, which is comparable to some biometrics. This actually isn't very good. A determined attacker will not just send random pictures, but will send pictures that they think the target of the attack may have used. This results on a much higher false accept rate.

    Even 1/1000 is marginal enough that substantial rate limiting is going to be needed to keep the account secure. Compare that against the security of, say, a 6-digit random one-time password (1/1 million).

    And as another commenter pointed out, it's not meaningful to talk about false accept rate without also talking about the false reject rate.

  23. Re:STOP CALLING THIS 2-FACTOR! by Jim+Fenton · · Score: 1

    Indeed. The objects shown in the illustrations aren't secret, and aren't unique. If you're calling the object "something you have" and the camera angle "something you know", anyone with the same watch (for example) satisfies the first of those.

  24. Re:cumbersome process of using crypto-based hardwa by bhcompy · · Score: 1

    Not to mention that, whatever the object is, you’ve got to have it with you at all times - so pick carefully!

    Like, say, the RSA token I carry for 2FA?

  25. Re:cumbersome process of using crypto-based hardwa by 93+Escort+Wagon · · Score: 3, Funny

    Use a photo of your Yubikey!

    --
    #DeleteChrome
  26. Re:cumbersome process of using crypto-based hardwa by Anonymous Coward · · Score: 1

    You could use a picture of your phone! You have that with you all the time!

    Oh wait...

  27. Meh. They should use something truly unique by johannesg · · Score: 2

    Like a blood sample. So every time you want to log in to funnycatpictures.com and post to its mighty forum, you just jab a needle in your vein for a second and let the analyser do its thing.

    Seriously, could they come up with any idea more stupid than this? It requires you to carry a specific object with you, and to never ever lose that object. The pattern matching must be fuzzy enough that the same object shown in different lighting, under different angles, etc. is still allowed, but strict enough that a similar object is not. And it must allow for differences in background as well.

    And of course your security is shot if any of your photos is captured. Or if another of your (public) photos accidentally reveals the item. So let's see: it must be something you always carry with you, yet isn't visible on any public photos. Your underwear, maybe? I can just see myself logging in in the local Starbucks...

  28. Ob by Hognoxious · · Score: 1

    Tits or GTFO!

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  29. Re:cumbersome process of using crypto-based hardwa by Anonymous Coward · · Score: 1

    Wooosh....!

  30. Re:cumbersome process of using crypto-based hardwa by michelcolman · · Score: 2

    Even worse, if someone sees you take a picture of, say, that particular keychain doll you have, they can go onto amazon and order the same item.

  31. Re:cumbersome process of using crypto-based hardwa by michelcolman · · Score: 1

    No, better pick something that has the same shape regardless of temperature.

  32. Re:cumbersome process of using crypto-based hardwa by SomeoneFromBelgium · · Score: 1

    Well I would personally also prefer for you to touch you yubikey instead of whipping out your phone to take a picture of your ... personal thing...

  33. Re:cumbersome process of using crypto-based hardwa by JonnyCalcutta · · Score: 5, Funny

    Yeh, me too. Now I've been arrested for indecent exposure.

  34. really? by SuperDre · · Score: 1

    how is this much better than using an authenticator or an extra password/sms?
    This is really one of the dumbest ideas I've heard.. So what do I do if I don't have the object near me? and do I have to photograph is everytime from the same angle?

    1. Re:really? by Whibla · · Score: 1

      William Gibson called, and Johnny Mnemonic wants his pictures back!

      But, speaking of pictures, how does the system deal with pictures of pictures? Keep picture of SO in wallet, use picture of picture as your key. Seems like this might have some potential tbh, especially if you're careful in how you frame the background (as a "3rd factor").

      Admittedly I can't see myself using it, way too much faff, and relies on my having my phone with me when I want to access w/e it is I'm trying to access. Can't think of much worse than 'having' to do that. Next I'd be expected to answer it.

  35. Re:STOP CALLING THIS 2-FACTOR! by Godwin+O'Hitler · · Score: 1

    I am a horse with a staple who knows a correct battery when he sees one.

    --
    No, your children are not the special ones. Nor are your pets.
  36. Re:cumbersome process of using crypto-based hardwa by TheRaven64 · · Score: 2

    Or if someone compromises an app on your phone with camera permission (or simply persuades you that this free game that you want to play needs camera permission) and takes a photo, they can then use the same photo.

    I'm too lazy to RTFA, but the description in TFS is a bit confusing: are the photos really compared on the phone? If so, how do they communicate with the server, do they just speak the U2F protocol? If so, they've just replaced a button with the need to take a photo, which doesn't sound like much of a UI improvement. If they're comparing the photos on the server, then simply copying the photo makes it trivial to launch remote attacks.

    --
    I am TheRaven on Soylent News
  37. Re:Take a picture of President Trump by Killall+-9+Bash · · Score: 1

    Hillary's going to jail.

    --
    "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
  38. Re:cumbersome process of using crypto-based hardwa by nine-times · · Score: 1

    Also, the object could get stolen, or you could break it and it might get damaged in such a way that it no longer registered.

    Plus, it's a bit conspicuous to take a picture of something, so other people are going to figure out what your token is. Once I know you're using your watch as your token, could I buy an identical watch and spoof it? Could I use a picture of your watch instead of the actual watch? Could I just use a picture of the same watch model, without having to buy an identical watch or stealthily take a picture of your watch?

  39. Re:cumbersome process of using crypto-based hardwa by nine-times · · Score: 1

    This was the first thing that popped into my mind...what magical object must I always have available that isn't susceptible to being lost or stolen? And the answer is ....nothing.

    I can see a bunch of problems with this idea, but I don't think what you're saying is a serious problem. Any authentication method that's "something you have" has the danger of being lost or stolen. I carry my keys, wallet, and cell phone with me everywhere, and I've never had any of those things get lost or stolen. Admittedly, I may just be lucky that I never ran into a good pick-poket, but still, those things don't get lost or stolen every day.

  40. Re:cumbersome process of using crypto-based hardwa by MTEK · · Score: 1

    Have any unique tattoos? (preferably w/out having to take your shirt or pants off?)

  41. Re:cumbersome process of using crypto-based hardwa by ctilsie242 · · Score: 1

    If a 2FA device has some means of communication to the site that is authenticating, 2FA is trivial. Just like with Google, Blizzard, or Duo... when you log on, your phone pops up (login attempt detected... Allow/Deny), you hit "allow", and you are in.

    It would be nice if there were an open standard for this, with the site wanting authenticating storing a public key, and the 2FA device generating and storing a private key onboard. Right now, we have an open standard for shared secrets, but it would be nice to move to a public/private key standard, so a compromise of the server requesting authenticating gives little help to an attacker.

  42. Bet you can fool this by barbariccow · · Score: 1

    Just like iris scanners can be fooled with a picture of someone's eyes... betchya a picture of said object can be the key.

    1. Re:Bet you can fool this by kd3bj · · Score: 1

      They do liveness detection with iris (except in the movies) so quality iris biometric systems are _not_ fooled by a picture. This doesn't seem like a possible countermeasure with an inanimate trinket.

  43. Time by fluffernutter · · Score: 1

    Use a picture of your wristwatch and only you will know what two times of day you can log in! Mwaahaha.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  44. Re:Take that HR dept by mnemotronic · · Score: 1

    Great. I'm gonna need a bigger camera.

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  45. privacy by mrwireless · · Score: 1

    This allows services to learn more about your smart phone and, potentially, your surroundings.

  46. Re:cumbersome process of using crypto-based hardwa by JustAnotherOldGuy · · Score: 1

    Any authentication method that's "something you have" has the danger of being lost or stolen.

    Yes, that's exactly my point.

    I carry my keys, wallet, and cell phone with me everywhere, and I've never had any of those things get lost or stolen. Admittedly, I may just be lucky that I never ran into a good pick-poket, but still, those things don't get lost or stolen every day.

    Yes, they do.

    You're lucky and/or careful. Thousands of people lose one (or more) of those things every single day. Have you ever seen the lost cellphone bin at an airport? It's a highly-controlled environment and yet thousands of people lose their phone, keys, wallet, passport, etc in airports all the damn time.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  47. Re:cumbersome process of using crypto-based hardwa by JustAnotherOldGuy · · Score: 1

    Have any unique tattoos? (preferably w/out having to take your shirt or pants off?)

    Nope, and I don't plan on getting any.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  48. Re:Your other hand. by JustAnotherOldGuy · · Score: 1

    I only have one hand, you insensitive clod!

    --
    Just cruising through this digital world at 33 1/3 rpm...
  49. Re:cumbersome process of using crypto-based hardwa by nine-times · · Score: 1

    those things don't get lost or stolen every day.

    Yes, they do.

    My point is, it doesn't happen to any particular person every day. If you're losing your wallet and keys every day, then you're going to have all sorts of problems.

  50. Re:cumbersome process of using crypto-based hardwa by JustAnotherOldGuy · · Score: 1

    My point is, it doesn't happen to any particular person every day.

    Be real- you only have to lose any of these things once for it to be a problem, even more so if they serve as a login validator.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  51. Re:cumbersome process of using crypto-based hardwa by nine-times · · Score: 1

    Sure, it's a problem, but that doesn't mean it's a disqualifying problem. People lose their keys sometimes, but that doesn't lead us to say, "Well we can't use keys anymore!" People's wallets gat stolen sometimes, but they're still generally a decent solution to a problem. People forget passwords, passwords get compromised, but we still use them.

    There are going to be problems and flaws with every security scheme, but the purpose of security is not to be perfect. If you set out to create a security scheme that always 100% provides authorized users with access while always 100% denying access to unauthorized attackers, you're going to fail. The point is to balance "ease of access by authorized users" against "making unauthorized access difficult and dangerous". And that balance needs to be determined by the danger of security being compromised, which is to say that it might be appropriate to force someone with clearance to jump through a bunch of hoops to view a top-secret document, but I probably shouldn't have to jump through as many hoops to access my own MP3 collection.

    So yes, "something you have" can be lost or stolen, but that's ok. You just need to make sure you can get a new copy of the "something you have" and revoke authorization from the one that was lost. For systems that needs a high level of security, you might want to have additional factors for authentication (e.g. biometrics and/or passwords).

  52. Re:cumbersome process of using crypto-based hardwa by JustAnotherOldGuy · · Score: 1

    Sure, it's a problem, but that doesn't mean it's a disqualifying problem.

    Then feel free to participate as enthusiastically as you like. I'll pass.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  53. Re:cumbersome process of using crypto-based hardwa by nine-times · · Score: 1

    Great. Disregard any security measures that don't offer perfect security. See how far that gets you.

  54. Re:cumbersome process of using crypto-based hardwa by JustAnotherOldGuy · · Score: 1

    Disregard any security measures that don't offer perfect security. See how far that gets you.

    Don't put words in my mouth, you petulant little asswipe.

    --
    Just cruising through this digital world at 33 1/3 rpm...