Sophos Cloud Optix
Have you ever forgotten the login password on your MacBook?
Fortunately, there’s an option to receive a hint reminding you of what your password might have been.
Which is terrific, unless – of course – someone else is able to work out your password from that hint. Someone like, for instance, the guy who has just stolen your MacBook.
Let me give you an example. Imagine my password was “Doctor Who”. Admittedly, it’s not a very good password – but we know many people don’t choose passwords wisely.
And imagine that my password reminder hint was “The greatest TV show ever broadcast”.
Anyone who stole my laptop might be able to guess my password from the hint, or discover my love of “Doctor Who” via the breadcrumbs of evidence I’ve left across various message boards over the years.
Apple believes that many people choose “either not to use a password at all or to use a trivial password” because they worry about losing access to the computer if they forget their password.
And that’s a problem.
The New Scientist has uncovered a new patent from Apple that shows how a power cable could help users access their computing devices when they forget their passwords – and perhaps improve security.
Specifically, the patent aims to stop thieves of laptops, iPads and iPhones gaining unauthorised access to the portable computing devices.
The patent notes that although such devices are commonly stolen, thieves rarely also steal cables (perhaps because the owner of the device hasn’t taken the power adapter out with them – let’s face it, the battery life on the iPad is so good that you may not have to lug a power lead around with you.)
Apple’s idea is that a memory chip on your power charger could store information about your password – such as, for instance, an encrypted version of your password reminder hint.
That way, if you’ve forgotten your password you could just plug your laptop into the wall, to receive the secret password hint.
That all sounds kind of neat, so long as the bad guys don’t steal your power adapter alongside your computing device. And it would mean that rather than the current scenario of anyone who stumbles across my laptop being able to see my “greatest TV show ever broadcast” password hint, only those who have my power cable will know.
It’s not a lot of extra security, but it would make life somewhat trickier for opportunistic thieves.
Security is boosted further by another idea in the patent, which would require authentication from a network server before the password hint is served up. I can imagine, for instance, that the network server segment of the password reminder might only be delivered if the user has instructed Apple (perhaps via their Apple ID?) that they are attempting to recover their computer’s password – something you wouldn’t do if the device were in the hands of a thief.
What impressed me a little less were some of the other scenarios Apple describes in its patent. For instance, they detail how the technology could be used not just to provide a password reminder hint but to actually recover the password itself.
That could make it child’s play for someone sharing your house, or with access to your office, to break into your plugged-in laptop and cause mischief. No password guessing required!
Presumably Apple has included these less secure implementation methods to widen the scope of their patent, rather than because they think they are particularly sensible without additional authentication.
The patent goes into much more detail – explaining, for instance, that password information could be stored not just on power cables, but any type of peripheral device associated with the computer – your printer, an external monitor or a wireless router, for instance.
Whether we’ll ever see Apple incorporating this technology into their products remains to be seen. But as battery performance improves in computing devices, there might be an increased attractiveness in needing more than the laptop, smartphone or iPad itself to be reminded of your password hint.
As Apple says, “If password recovery can be provided in a convenient way, then the user is more likely to use a password, and protection will be increased.”
So, look forward to a possible future where you have to keep an eye on your power cable as well as your laptop.
Ummm, ever heard of biometrics like a finger scanner? Let me guess, Apple doesn't support that because St. Jobs didn't "invent" it.
Actually the patent does discuss how the power cable could use biometrics for authentication.
Of course, as with all biometrics, you have something of a problem if the computer belongs to your recently deceased family member. Weekend at Bernie's anyone?
Do you really think people will buy a password remembering power cable so they can ensure laptop access in the event a family member dies? I don't but that would make for a fun commercial. No, this is standard Apple "not invented here so we won't use it". Biometric technology is readily available TODAY for people not to have to remember password, why wouldn't Apple just use it?
I'd love to see that commercial.
Apple has also been filing patents for presence detection and face recognition for their tablets and phones. It looks like one of their ideas is to have the phone recognise its owner and that capability would lend itself to authentication.
So 'invented at Apple (and Polar Rose)' biometrics could be on their way.
M.
Along the right idea I suppose. However, I'd recommend using your smart phone to automatically store passwords/other information via the cloud instead of a power cord which has been pointed out, would be stolen along side the system knowing that this would quickly become common security practice. It would become much more difficult to steal someone's phone and laptop at the same time.
Am I missing something? Why would a thief need the password unless you have enabled encryption?
Great, more patents to take people to court with.
“Of course, as with all biometrics, you have something of a problem if the computer belongs to your recently deceased family member. Weekend at Bernie’s anyone?”
Same problem exists if some one dies taking their password with them! Surely?
And what if I write the password of the hint on a postit on the power adaptor? Sounds a tiny bit easier and cheaper… (But would Apple sue me for this?)
Always entertaining, Graham! See you at RSA?
What if they stole the cable…
multi-level multi-directional authentication perhaps – biometrics e.g. or if it’s the case of weekend at bernie’s, then face authentication (e.g. new android phone) or pattern recognition – oh no – apple products are more concerned about ‘look’ than ‘security’. never mind – anyways, a good thing is to have a multi-dimensional security access including the power cords, some secure USB dongle (remember 90s and early 2000’s where some softwares won’t work without a dongle), biometrics, patterns and recognitions
on the flip side, looks like apple is more concerned about registering patents – darn, samsung is in for another legal battle …
Reposting from Google Plus: How is this all that different from a Windows recovery disk/USB key/dongle? If anything, it’s LESS secure, since you’ll need to use your power cord at home, work, or on the road, exposing it to misuse, whereas a dedicated recovery key can be physically secured much more effectively.
Actually, the more I think about this the more strange it is. Rarely stolen power cords? Most of the laptop thefts I handle include the bag, cords, tokens–the whole enchilada. (It *does* make more sense for tablets.)
Here’s a better idea: Preboot authentication (Honeycomb has it) and online or over-the-phone self-service password resets (largely after market, but widely available).
That is an interesting idea there I think no one has a patent out on that and I think Sophos should patent it good thinking Graeme
this is most likely suitable for lazy minded people, the sort of people that are a real security risk to any organisation, this is a step forward, but i think some sort of chip should also be included to zap these sorts of people with a couple thousand volts every time they try to use a stupid lazy password too, that way it be a real incentive to make sure they use a good one, not only that it would I beleive it would add much needed entertainment value to those of us that do indeed take proper precautions and use a proper passphrase (nice long strings 15 chars or more) have to suffer the consequences of these lame brains, come to think of it this may have a desired side effect of expiditing the depletion of the battery making it less useful to the thief too….. food for thought anyway
Wouldn't it just make the power cable a target as well? What's wrong with writing the password down on a piece of paper and storing it somewhere at home? Sticky note hidden somewhere so that if you did forget you get get the piece of paper.
Also – They shouldn't be able to tell you what your password is – The Mac itself should only store an one-way hash, right?
You can reset it if I have authenticated you, but I can't tell you what it is / was (other than the garbled hash) anyway…
A dongle in disguise is an invention?
at wikipedia: Software protection dongle first use circa 1980. + 17 years = expired
A small step in the right direction.
Does anyone here know just how easy it is now to reset a forgotten password? It doesn't matter how good a password is when all you need is a install disc (or now with Lion nothing its built right in), and you favorite search engine. And anyone can get in with in seconds. That is worse then secure. So any added steps to make it just a little harder has my vote!!
But a power card? Really Apple!!! How much issues have the MagSafe adapters had. As a Apple Certified Macintosh Tech I can say that is the wrong way to go.
This could be a security risk though. People may steal your smart power cords just to break in to your system files. This will also be much more expensive on retail.
Er, but I use lots of different chargers for my iPhone and iPad, one in the study, one at the office, one in the bedroom, one in the car. If I owned a Mac, I probably would charge it in fewer places, but still remembering which cable came with which device and has which password reminder in it sounds like monumental faff to me.
The only benefit i see of this that it makes the cable more expensive. As many people have already said, there are plenty of proven ways of doing this sort of thing already.,