Monday, 4 December 2017

Friends do not let friends share passwords!

I recently blogged on the hassle of moving from one iPhone to another, and quite rightly people commented on the fact that it should not actually be that easy to do for good security reasons. My blog was very much done as a "typical end user" type rant.

At the end of the day, these devices are becoming critical personal devices that are our companions and providing security in a way we have to trust. The security they offer is way more than we ever had before. It is tricky when the device we trust is written by some company in a foreign land, and we don't have all of the details of how it works. We have to sort of trust them to keep security principles. I think, in most cases, they do, and a lot better than the alternatives. Even then we have to be cautious.

My old iPhone held a number of security details locked by fingerprint or long PIN, and the new phone does the same but using "face recognition". Both are a massive convenience. Convenience is good for security as that is what people will "do".

Now the end result is some things, on my phone, can get access based on that authentication, and in theory I could be forced to smile for the camera now, or previously submit a finger even if unconscious. It would allow some access to some things.

Even then, the company systems use a lot of two-factor stuff, so the "authenticator" on my phone only works with a username (easy to guess) and a password (harder) and the authenticator. So we have quite a few barriers in place. This is actually better than the online banking on my phone, which trusts the phone for many things - but even that wants extra steps to send money to random new people.

Obviously I would never share any of my passwords with anyone, unlike MPs.

I appreciate the comments on that blog post though - they are correct in that the security is important. But a key aspect of security is making it usable for the masses. It has to be "convenient" to be used at all.

This is where the MP tweets come in - we see over the last few days that many MPs are fucking idiots, allowing access to anyone on their staff (including interns and temps) to their computers which may hold personal information. They may even be criminal in their actions.

To say it is related to porn use is distracting and why the hell can they not use incognito mode?

This is where systems need to make it easy to actually be secure. Things like fingerprints and face recognition go a long way. They allow me to be secure, and then only select the specific cases of say "inbox sharing" for email to specific staff to check and filter my email, etc, not general access to my computer. TBH I do not share my inbox - one day I may have a PA to handle it. If I was an MP, some trusted permanent staff may be there to filter email and post.

So in the case of changing iPhone, what do I want? Well, a simple, safe, SECURE, way to transfer all of that personal information for everything from email to banking (and an authenticator app), via local encrypted means, as part of the new phone set up. No iCloud or even iTunes backup. That would have saved me a lot of hassle. They manage to transfer the Apple ID login details in some way that involves pointing the camera of one phone to the screen of the other, so why not all of this sensitive stuff?

But, just in case anyone has any doubts, all my staff and all my family know that passwords are never shared.

Friends do not let friends share passwords!

MPs take note.

15 comments:

  1. I recently changed from a Google Nexus 5X to a Pixel, and the phone prompted me to use a USB-C to USB-C cable between the phones; it transferred everything including passwords. Most seamless migration to a new device I've experienced :-)

  2. What's wrong with an encrypted iTunes backup?

  3. You're assuming all your sensitive data isn't already being "backed-up" to the evil overlords...

  4. Why would you-the-MP share a password when you can just share the files you want to? You wouldn't. But you are a non-techie, stuck with bloody Microsoft, and you can't share the files you want to without knowing exactly what you're doing. So you give the password to your staff, and it's one password for everything.

    And your staff already have the password to your Twitter feed, which you didn't want in the first place but Central Office tells you you have to have it, so just like your correspondence they do it in your name.

    1. I would argue the platform should be irrelevant here. Show me one email system that makes it easy for the end-user to delegate access rights to your inbox (apart from Outlook of course, where literally all you need to do is right-click on your inbox, click permissions and type someone's name in). It seems to be a problem that a lot of MPs have (needing to delegate email access), so it should be in IT's set up / handbook to begin with. IT could even configure it!

      At the end of the day it comes down to a training issue. Shall we let them use their personal email accounts to send official emails to foreign diplomats because learning a new email system when you start your new job as an MP is too difficult? We're entrusting these people with the running of the country. I don't think it's unreasonable to expect them to take some time to make correct use of a few systems.

      Twitter is another good example, as that allows delegation of accounts too.

  5. Did most browsers have incognito modes in 2008?

  6. When I worked for any Government Department it used to be a sackable offence to share your passwords with anyone else as all accountability would be lost. It was an offence under the Computer Misuse Act 1990. Hmmm... a sackable offence....MPs....there's a thought!

  7. Use wireless iTunes backup and restore.

  8. Backing up / restoring encrypted to iTunes couldn't really be much easier and will move pretty much everything to the new device, including saved passwords, even if it's not strictly 'peer to peer'. If that's too hard, iCloud backup is probably the solution.

    Apple actually did a talk at Black Hat last year on iOS security - they're doing some pretty impressive stuff it seems. The key vault stuff in iCloud is especially cool - see https://youtu.be/BLGFriOKz6U

    1. I thought so, but for me no saved passwords were moved. In some cases usernames were.

  9. The problem with biometrics is what if they get leaked. You can't change your facial dimensions (easily!) or fingerprints.

    1. Not really the point, is it? It is a matter of identifying *you*, and works for that. It has to be good enough not to be fooled easily. But there is no need to "change your fingerprints" ever, it is not like a password where the whole point is that it is secret, in fact almost the opposite, in that someone can see my face and recognise that it is me, and my face is not a secret.

      Having identified *you*, a system may also want to validate other things, like something only you know (password), or something you have (TOTP token or bank card, etc.).

    2. Do these things work? Facebook wanted to tag my son on a picture of me. And, apparently, every time he posts a selfie, he has to untag me.

  10. It's worse than that - you can't actually derive a proper key from your fingerprints. So any data "protected" only by your fingerprint must ultimately be stored unencrypted and accessible to a sufficiently motivated attacker: https://security.stackexchange.com/questions/42185/is-it-possible-to-reliably-derive-a-key-from-a-biometric-fingerprint
