“Luminescent device that reveals the user’s clear-text passwords, one at a time, in an appropriate manner.” This kind of idea struck me as I was thinking about what I see as two cornerstone problems we still seem to have with tech: one is passwords, the other is the lack of an onsite 24/7 IT guy who would help us out, at any second, with our technical problems.
Plan for features
- convenient form factor, easy to wear, doesn’t exhaust, and doesn’t require specific active fiddling or placement once it is in place
- eliminates all or at least >90% of currently needed, time-eating manual operations with passwords, such as their memorization
- mitigates the problem of users tending to sacrifice password quality because good-quality passwords are complex and long
- keeps user safer than they’d be without the solution
- should work well in tandem with the sleep / lock state of a laptop, “all in one”
- is not easily ‘forgotten’ anywhere – no physical attachment is required to operate
- needs very little or zero power to be operated
- security of the solution is quantifiable
- shows only the authorized person the password (which implies a pre-auth – with some method – of the user at this point)
- becomes a personal assistant
- the correct password (to use) is shown every time
- has a feature to help generate better new passwords
- helps regenerate weak passwords into better ones
- understands the context of what the user most likely needs at the moment
- does not reveal security information, under any circumstance, to unauthorized people
- even if stolen, is useless for the attacker
- does not present information inadvertently to, say, a high-resolution CCTV camera which is recording and positioned to “shoulder-surf” the user’s laptop screen
How are the real benefits given to users?
So the solution shall help the user daily. This is kind of easy to imagine, but realizing the benefits may yet need a lot of thinking.
Passwords are a daily thing for a few hundred million people. For sure, they will be used for some years to come. The disappearance of passwords has continuously been forecast, and that hasn’t happened. In my view there’s no single magic bullet that would eradicate all passwords suddenly.
However, competing technology is on the way. There are a few goals these solutions might have:
- replace the need for passwords altogether
- automate the practical daily operations with passwords
Authentication of a person relies on a combination of some of these three things:
- something you are (biometrics)
- something you know (passwords or PINs)
- something you have (devices)
Passwords have been the ‘you know’ method. You just remember a password. With the solution we are describing, we are looking for a ‘you have’ solution, possibly, however, with an added ‘you know’ element: perhaps the device requires some sort of master key, a PIN?
Logging all password input entries makes auditing easier. You can easily search, years afterwards, whether a breach may have affected your security. All logs are timestamped.
Zero benefit for a captured device?
Are these kinds of goals attainable?
Let me know your thoughts! And pass the Tweet, if you wish. Thanks for any output on this!