11
votes
Android is helping kill passwords on billions of devices
Link information
This data is scraped automatically and may be incorrect.
- Authors
- Lily Hay Newman, Lukasz Olejnik, Garrett M. Graff, Louise Matsakis, Brian Barrett
- Word count
- 775 words
I'd be curious to hear peoples thoughts on this. I personally love the idea in theory (especially if it is true that they are only storing it locally and not sending/storing it anywhere else) because in my mind its harder for a brute force to generate a copy of my fingerprint that it is to exhaustively guess what my password is. Plus it is definitely more convenient than having to remember a million passwords or even using a password manager. However, I have a bunch of red flags flying up about it in the real world. First being that (at least in the US) passwords are protected by the 4th Amendment whereas biometrics are not. So if you use a biometric password for anything, there is no protection from law enforcement forcing you to unlock your phone and an app they may have interest in. That's super scary to me. The second big red flag is having a single universal password, even if it is something as unique as your fingerprint. At least with a password manager, you still have unique passwords for all everything. If one password for one site gets compromised you're still pretty fine, if your master password gets compromised you're still screwed. With this, every password is your master password. Maybe someone who knows the tech better than me has some thoughts that would assuage those fears, or maybe I'm valid with my concerns. What do y'all think?
I'd be intrigued to see this in action. That being said, I'm also growing more hesitant of Google every day.
This is actually a layer I think is really interesting and want to peel back a bit! Do you feel better about password manager apps using fingerprints for master passwords seeing how your privacy should be their main concern? Or if Apple, given their better track record on wanting to protect user privacy? I agree that it gets harder and harder to trust google with every passing day.
I like the concept of password managers, as long as the information is encrypted in such a way that the company running the PM cannot retrieve that information. Currently, I do use my Google accoount/Chrome to store my passwords, because I'm stupid.
It's just on the tough side to migrate away from Google now because, for example, my Blackberry* password manager cannot import from a CSV, as far as I can tell, and doesn't support importing from anything except previous iterations of Blackberry password managers.
*: I use the Blackberry KEYone, for clarification and if anyone is curious.
I'm honestly pretty tempted to just write everything in a little notebook since my memory is abysmal. I'm usually on 2-3 password resets a week because l'm stupid. Though that'd be unencoded and really insecure if someone would find it lying around, but at least online people can't access it.
You could always write it in a code of some kind.
Making a code would take time to learn though and since my memory is bad l'll just end up forgetting the code :')
I would worry less about the law forcing you to unlock than the muggers who will now take your finger along with your phone.
Passwords are a poor solution to the problem of identity. My understanding is that FIDO2 is a fairly good step towards solving that problem. Personally I like hardware keys over biometrics but both work. It's not a perfect system - there is no such thing - but it's much better than the awful kludgefest that is password managers.
You can set up FIDO2 to require multiple sources of identity, so if someone swipes your hardware key or fingerprint they still can't get into your accounts. There are several layers of security and crypto involved, there's a fairly good primer on the tech here.
If you're worried about a master password unlocking everything - you have the same problem with your password manager already. Compromise that and they're into everything. Ultimately this "master key" problem won't ever go away, because to do so you'd have to seal your identity into a box even you can't get into, but it can be mitigated.
Thank you for the primer material! The company I work for is looking at using yubikeys but I haven't had time to read up on them yet (hurray for endless amounts of info to learn when onboarding!) I'll take a look at that today. I will say you're right that the master password being fingerprint vs master password is something I already face. I know its an issue and not one we have a solution for.
The way you explained it is exactly the way I think about it but didn't have the words to explain. I don't love the idea of tying security to my identity. I think some people are fine with it and more power to those people, but the concept makes me really uncomfortable. The lack of 4 Amendment protections definitely hurts the case for me a lot as well.
I've never had an app not force me to create a password first. My understanding is that the fingerprint acts like a password to a vault, where the real password is stored. If this isn't how it actually works behind the scenes, I can imagine it wouldn't be very hard to change it so this is how it works.
Ok. Maybe the wired article didn't make that clear, maybe they did and my half-asleep brain didn't comprehend that. I think that makes a lot more sense and makes me a lot more comfortable with the single point of failure concern. Thanks for the explanation of your experience! Sadly, my ancient iPhone isn't set up to do anything like that so its not even an option if I wanted to :(
How ancient is your iphone? If it can run ios 12 (which looks like an iphone 6 and later) it has integration with a number of password managers which work in a similar fashion.
Huh. I'm still on ios 11 on my iPhone 6. I'll have to take a look and see what's around. I'm not sure I'd like to use biometrics but I didn't even know it was an option for a password manager. Thanks!
I've done a little work in the security space from a business perspective, and there is one ABSOLUTELY fundamental issue that nobody seems to talk about it (until they fail an audit because of it).
What is your disaster recovery process?
In the case of a password, 'disaster' means someone obtaining your password (in whatever manner). The recovery process is to use alternate forms of proof and change the password.
In the case of a fingerprint... You are downright and utterly fucked. What are you going to do? Change your fingerprint? It is the reason why people have opinions like @FreeLunch that biometrics are identification - though what they are not is 'authentication', not just passwords.
This article seems to assume that all mobile phone owners are computer developers who buy cutting-edge technology as soon as it's released. However, we're not all interested in upgrading to bleeding-edge tech.
For instance, I'm just about to replace my smartphone that was released in 2015... with a different smartphone that was released in 2015. It's actually a slight downgrade in some ways rather than an upgrade (but I like other aspects of the new phone, so it's a nett improvement in my opinion). Neither the phone I'm replacing nor the phone I'm ordering have fingerprint scanners or face identification software or any of that gadgetry.
As for typing passwords in my browser... that almost never happens. Chrome stores all my passwords and automatically logs me in to my preferred websites - on my desktop computer and on my smartphone. So this FIDO2 would actually add a step, in that I would have to scan my fingerprint before then entering my password. Or I'll need to carry around a dongle and hope I don't lose it. It's extra trouble, rather than labour-saving.
So this is just going to pass me by. Admittedly, I'm not the target market for this sort of thing! :)