Google warns users about password-breaking onslaught

Mirai said:
That's a hardware dongle. Autocad and other professional products used to work with those. There were ways to hack those too and one could even find hacked versions of AutoCAD where the code to check for that was disabled.

Of course you couldn't run pirated software in the industry in case you were audited.
Click to expand...

Yeah, I suppose one benefit of those dongles was that you didn't need to be always connected/online.

These days I use similar software and the licenses all require you to be online. Also most licenses are linked to a user login/email instead of a physical server/desktop which has it's pros and cons. Main con is we have to pay for more licenses in a big team instead of just having a few licenses linked to the 2-4 servers that the team is sharing. However with the user licenses we can use the software on any server/desktop of our choosing. No need to be locked to one device.
 
system32 said:
So I used my smart phone as it has a fingerprint reader to store the passkeys in a secure enclave (TPM)

Then my phone gets stolen/breaks.

How do get my account access back?
Click to expand...
If you are using TPM then passkeys are stored and synced.

I have 2FA enabled for TPM and can log into any sites with passkey from any device that has TPM installed.
 
Forum Reader said:
Yeah, I suppose one benefit of those dongles was that you didn't need to be always connected/online.
Click to expand...

Those were often used before the internet was a thing. They were not USB back then but PCI slot or even ISA slot based or maybe even serial or parallel port based. It also depended on the system as Unix/Irix systems from SUN Sparc, Silicon Graphics or IBM used possibly different slots but also used h/w dongles.

Even lately there was some use of dongles. I bought a relatively cheap program (Chinese made - Contec) with a hardware Holter recorder back in 2010 (for family use) and it came with a hardware USB dongle (SafeNet MicroDog) to run the software which would read and show you the ECG tracing over the 24hours you recorded it on. It seemed strange because without the hardware recorder the software was useless, it still needed a dongle to run.

I know that Adobe Premiere Pro would sometimes be locked to graphics card which came bundled with the program. If you took out the card you couldn't run the application.
 
Forum Reader said:
Yeah, I suppose one benefit of those dongles was that you didn't need to be always connected/online.

These days I use similar software and the licenses all require you to be online. Also most licenses are linked to a user login/email instead of a physical server/desktop which has it's pros and cons. Main con is we have to pay for more licenses in a big team instead of just having a few licenses linked to the 2-4 servers that the team is sharing. However with the user licenses we can use the software on any server/desktop of our choosing. No need to be locked to one device.
Click to expand...

Yeah it depends on the tool in question but this is why we often make use of service accounts depending on the use case.

Especially on stupid software that requires an administrator account to use up a license when they will never be using the product itself.

Wherever possible we have a service account “own” the product and in that way we can manage it without consuming licenses. Also usually means we have a break-glass method to get around SSO etc should there be a need.
 
So I should store my password/key on the same device I use to access the account? In a country where theft is rampant? That sounds insecure as ****.
 
AnimateX said:
So I should store my password/key on the same device I use to access the account? In a country where theft is rampant? That sounds insecure as ****.
Click to expand...

I mean only if your device has a PIN code like 1234.

I mean you say this but I’m willing to bet right now someone can source your password on the same device just as easily, or failing that complete a password reset.

Secure your devices properly. Still more secure than a Yubikey that someone could steal and use as they like no device required with no second layer of authentication.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X