Coffeehouse Thread

10 posts

USB over password? did i just missed something?

Back to Forum: Coffeehouse
  • User profile image
    magicalclick

    I thought it is common sense that USB is the last thing you want to touch in regards to security. And people actually trying to consolidate their password into a single attack surface on a USB device that can easily be cloned or modified or misplaced. On top of that, the famous power plant virus is USB based regardless how the system is build with high security protection. And not to mention it is also sounds a lot more reasonable to ask for new USB when it is physically misplaced, as a know some people tends to lost their keys a lot more than they forgot their password. I really don't know what is going on with these people.

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
    Last modified
  • User profile image
    kettch

    @magicalclick: Is there a link or some context to go with this? It sounds interesting, but I have no idea what you are talking about. USB device as an authentication device? Storing passwords on a USB drive?

  • User profile image
    Duncanma

    There are a few products that do this... or can do this as an option: http://www.dobysoft.com/products/keypass/

     

  • User profile image
    magicalclick
    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
    Last modified
  • User profile image
    cheong

    I remember there's already software for Mac like 10+ years ago that use bluetooth device (headset or mobile phone, etc.) to do that. When the device is not within range (disconnected) that screen will lock immediately. When that devicee is within range again the screen is automatically unlocked. With old bluetooth's receiving range this is pretty nice help for people who keep forgetting to lock their PC when not in use.

    I suppose others can make similar application to work with RFID enabled staff cards.

    Recent Achievement unlocked: Code Avenger Tier 4/6: You see dead program. A lot!
    Last modified
  • User profile image
    kettch

    , cheong wrote

    I suppose others can make similar application to work with RFID enabled staff cards.

    Wasn't HP showing off something like that with the Spectre ONE and a phone? Or was it just with a tag. I'd prefer if I could tap my phone on an NFC sensor and then have the phone ask for a PIN before it let the PC unlock.

  • User profile image
    cheong

    Not exactly. I don't want to tap it. I wish it can unlock for me when I come near, so when my fingertips are on keyboard, it should be ready to work.

    I think it could be done with the RFID technology like the one on passports.

    Recent Achievement unlocked: Code Avenger Tier 4/6: You see dead program. A lot!
    Last modified
  • User profile image
    wkempf

    , magicalclick wrote

    I thought it is common sense that USB is the last thing you want to touch in regards to security. And people actually trying to consolidate their password into a single attack surface on a USB device that can easily be cloned or modified or misplaced. On top of that, the famous power plant virus is USB based regardless how the system is build with high security protection. And not to mention it is also sounds a lot more reasonable to ask for new USB when it is physically misplaced, as a know some people tends to lost their keys a lot more than they forgot their password. I really don't know what is going on with these people.

    You didn't understand the article. It's not "USB over password", it's USB key + password. This is two factor authentication, and it's more secure than simple passwords. Hijacking/cloning the USB key isn't going to get the hackers anywhere, so that's simply not a concern.

  • User profile image
    magicalclick

    @wkempf: oh my bad, my title is a misrepresentation.

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
    Last modified
  • User profile image
    wkempf

    , magicalclick wrote

    @wkempf: oh my bad, my title is a misrepresentation.

    It was more than the title. The entire post was full of comments like "trying to consolidate their password into a single attack surface" and "that can easily be cloned or modified or misplaced". That's not how these USB authentication devices work. They just take the "something I have" role in two factor authentication. Losing the device, having it stolen, or having it cloned are all non-issues, at least from a security perspective. If you lose the device you will have to replace it and update all programs/services that you authenticate to, which could be a hassle. But the end result is better security.

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.