Passwords on the fly

rpm

Remembering usernames and passwords is the bane of many an Internet user's existence. Facebook, MySpace, Google, banking websites, tax e-filing and online e-mail services all require people to remember a long list of login credentials.
 
Sounds to me like a trade-off. Yes, you have a defense against keyloggers, but at the same time it makes your cellphone a very lucrative target for anyone attempting to commit identity theft.
 
Yep - cellphone theft will put a spanner in the works - now everything you log into will be compromised...
Besides, why reinvent the wheel... what about OpenID?
 
True. Putting a password on the app would help! At least it's only one to remember.
 
Two possible solutions:

Get a biometric finger reader - you save each password once for all the websites you visit and then you simply login using your finger.

WayneT
www.sapetregister.co.za
 
This is similar to ABSA's sms system- you log in and then need to enter the temporary pin from your cellphone (which gets sms'ed to you after the login) before you can continue.

But it's really not a bad idea... it takes quite a system to render all of this useful, but it should work quite nicely.
 

Seems that you have to trust one company with your passwords now. What if the local mobile tower is down or their server is broken, then you're stuck. What if the company is targeted? Will they promise to run military grade encryption and security measures at their datacentre? Will they be open for audit?

A separate clean pda or laptop with some strong encryption software and backup sounds better. Or just have your passwords garbled in a large text file, which could be encrypted too. You could use your birthday or telephone number as a guide to which words are passwords or not etc.

I distrust apps which promise to hold my passwords or online services claiming to do so.
 
Or you can just store your user names & passwords on your cellphone in a text file / secure java app :confused:

The solution for most people is to write down these details or save them in a text document on their computers. But this is insecure and, as anyone involved in IT will tell you, a terrible idea.

Bruce Schneier offers Password Safe free ...

http://www.schneier.com/passsafe.html
 
KeePass... open source, free, and there's a mobile version, so you can take your passwords with you wherever you go...
 
It seems that no matter what you try there is always a single point of failure in digital security. I like the biometrics although if the biometric data is compromised you don't have an unlimited supply as is the case with passwords.

The moment you can use a fingerprint on ATMs the market for chopped off fingers will be booming
 
Hi guys,

Seems there's a spot of confusion as to how Fireflight works, and in fairness, it's not very well documented at this time.

Briefly:

1) Fireflight doesn't store any passwords of yours, it is able to replace common static passwords with one-time-passwords
2) You don't need to trust Fireflight as your passwords are not stored or handled by the company
3) Each authentication vector defines its own security strength (i.e. a bank will have stricter requirements than a forum on the internet)
4) Fireflight does not use SMS or any kind of network traffic, cellular connectivity is not used
5) The application prompts for a PIN every time it is launched, and the PIN is used to self-encrypt the application
6) All authentication tokens issued to you can also be suspended so that they will no longer work if your phone is lost or stolen
7) Fireflight generates OTPs using the industry standard and publicly vetted methodologies and encryption algorithms accepted by the OATH organisation and US FIPS standards
8) Fireflight will launch with a FireID token bundled, free to the consumer, which will allow you to login to any OpenID enabled website using Fireflight generated OTPs -- look out for a partnership with ClickPass.com as well to make this even easier

Hope this clears some things up!
 
It works almost like those electronic key devices you get that change the password every minute or so... But now it's on your cellphone.
 
Would I need to take up a second night job to afford this ??
 

Fireflight utilises similar principles, except you can use Fireflight for lots of different authentication points and vectors (i.e. lots of different companies, websites, etc).

The consumer will not pay anything for it -- the mobile phone software will be free to the consumer. The cost will be borne by the companies that want to be Fireflight enabled.
 
firefox+foxmarks works just fine for me
passwords for inet banking, e-filing etc. are better not stored digitally
but yes, this is a different type of security scheme. Once fully operational and widely used, it will make remembering passwords a thing of the past.
 
Ok - well I am interested - what kind of money and who do we speak to? I'd seriously like to consider this for our intranet - needs to be accessed from different countries - some low bandwidth, some high. We currently use RSA SecureIDs but they are pretty costly and tend to get lost from time to time.
 
Nail on the head! Fireflight should be cheaper, easier to deploy, less likely to have the problems like lost or broken physical tokens, etc. Just drop a mail to [email protected]. :)
 