You might like

9 Responses to Ford KeyFree Login - should your smartphone automatically unlock all your passwords?

  1. RootyTooty · 1163 days ago

    Is this 2 articles merged together? It makes no sense. And GM has an OnStar app that does a whole lot of things, including starting the vehicle. Try to keep up!

    • Paul Ducklin · 1163 days ago

      It's one article. (You can tell by counting the number of headlines :-)

      Ford's app is trying to transfer the concept of vehicular-style keyless entry and control from your car to your social networking accounts. So the automotive connection here is largely metaphorical, as is my mention of friction and braking.

      (GM's OnStar app, on the other hand, really _is_ a car-control app. It doesn't manage your social networking presence. So it is neither behind nor ahead of this app from Ford. It's merely different.)

  2. Interesting idea, seen something similar in the past regarding keyfobs and USB keys which unlocked and locked based on proximity.____My question would be while this looks good in the home scenario how would this interact with a corporate machine?____If the software is keeping you logged in since your phone is near but your domain policy forces a lock after 20 mins, which one wins???____Could this compromise some of the controls in place within organisations?____If I use this for personal as well as work passwords, could I end up trying to log into a restricted site whilst at work?

    • Paul Ducklin · 1163 days ago

      One real risk I see - especially at work - is that frictionless social networking logins make it difficult to be circumspect on social networking sites. You'd always be a click away from posting stuff by mistake, even when your intention was merely to look and not to comment or endorse...

      The classic example of why autologin is bad on sites like Facebook and Twitter is clickjacking. If you get clickjacked on Facebook but you aren't logged in, the hidden "Like" button behind the clickjack image simply doesn't work. (A logged-out clickjack brings up the "You need to login" dialog, which not only prevents the clickjack but also alerts you to its presence.)

      With autologin...

      ...bad luck! You (or your company) just endorsed some shonky dietary supplement, or invited your followers to win a free iPhone 7 :-)

  3. Greg · 1163 days ago

    When approaching the computer does the mobile device require that you have unlocked (via password) the mobile device before transmitting the credentials to the computer? Thinking along the lines of if the mobile device was stolen.

    • Paul Ducklin · 1163 days ago

      You'd hope so, wouldn't you?

      And you'd hope that there is some kind of cryptographic handshake formally pairing your iPhone and your Mac (or whatever other devices) so that an unlocked iPhone won't simply replay the passwords to any other computer you might be able to set up yourself.

      Sadly, the app wasn't there when I looked - I got a Page en construction/ Page under construction notice when I visited this morning. (Hang on...yep, still like that now.)

      So I can't yet advise just what sort of protections and limitations have been built in. Or even if the app really exists :-)

  4. shine varghese · 1163 days ago

    i guess the assumption is that you would never loose your phone and laptop at the sametime.
    hmmm... i wonder.

  5. murphyslate618 · 955 days ago

    Wow. This is one of a kind app. Is it like a sensor or something? how is that even possible that it'll automatically lock and unlock your things? I do hope app development melbourne could use this as an inspiration on their next project.

  6. Its good little bit confusing too. i want to have this one further detailed. i will b thankful if i will have this favor.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog