Have you ever forgotten the login password on your MacBook?
Fortunately, there’s an option to receive a hint reminding you of what your password might have been.
Which is terrific, unless – of course – someone else is able to work out your password from that hint. Someone like, for instance, the guy who has just stolen your MacBook.
Let me give you an example. Imagine my password was “Doctor Who”. Admittedly, it’s not a very good password – but we know many people don’t choose passwords wisely.
And imagine that my password reminder hint was “The greatest TV show ever broadcast”.
Anyone who stole my laptop might be able to guess my password from the hint, or discover my love of “Doctor Who” via the breadcrumbs of evidence I’ve left across various message boards over the years.
Apple believes that many people choose “either not to use a password at all or to use a trivial password” because they worry about losing access to the computer if they forget their password.
And that’s a problem.
The New Scientist has uncovered a new patent from Apple that shows how a power cable could help users access their computing devices when they forget their passwords – and perhaps improve security.
Specifically, the patent aims to stop thieves of laptops, iPads and iPhones gaining unauthorised access to the portable computing devices.
The patent notes that although such devices are commonly stolen, thieves rarely also steal cables (perhaps because the owner of the device hasn’t taken the power adapter out with them – let’s face it, the battery life on the iPad is so good that you may not have to lug a power lead around with you.)
Apple’s idea is that a memory chip on your power charger could store information about your password – such as, for instance, an encrypted version of your password reminder hint.
That way, if you’ve forgotten your password you could just plug your laptop into the wall, to receive the secret password hint.
That all sounds kind of neat, so long as the bad guys don’t steal your power adapter alongside your computing device. And it would mean that rather than the current scenario of anyone who stumbles across my laptop being able to see my “greatest TV show ever broadcast” password hint, only those who have my power cable will know.
It’s not a lot of extra security, but it would make life somewhat trickier for opportunistic thieves.
Security is boosted further by another idea in the patent, which would require authentication from a network server before the password hint is served up. I can imagine, for instance, that the network server segment of the password reminder might only be delivered if the user has instructed Apple (perhaps via their Apple ID?) that they are attempting to recover their computer’s password – something you wouldn’t do if the device were in the hands of a thief.
What impressed me a little less were some of the other scenarios Apple describes in its patent. For instance, they detail how the technology could be used not just to provide a password reminder hint but to actually recover the password itself.
That could make it child’s play for someone sharing your house, or with access to your office, to break into your plugged-in laptop and cause mischief. No password guessing required!
Presumably Apple has included these less secure implementation methods to widen the scope of their patent, rather than because they think they are particularly sensible without additional authentication.
The patent goes into much more detail – explaining, for instance, that password information could be stored not just on power cables, but any type of peripheral device associated with the computer – your printer, an external monitor or a wireless router, for instance.
Whether we’ll ever see Apple incorporating this technology into their products remains to be seen. But as battery performance improves in computing devices, there might be an increased attractiveness in needing more than the laptop, smartphone or iPad itself to be reminded of your password hint.
As Apple says, “If password recovery can be provided in a convenient way, then the user is more likely to use a password, and protection will be increased.”
So, look forward to a possible future where you have to keep an eye on your power cable as well as your laptop.Follow @gcluley