If you hang out in fruit-friendly parts of the web – at CultOfMac, for example – you’ll have heard a fair buzz about a hands-free social networking password manager, based around the iPhone, from Ford.
Yes, you heard that right: Ford Motor Corporation.
Actually, that’s not as weird as it might sound at first. The automotive industry is at the forefront of contactless digital entry.
You can probably open and start your car, assuming you have one, more easily than you can get through the front door of your house. Yet modern cars are more secure and harder to twoc* than ever.
Sadly, Ford’s keyfree social networking product is only videoware at the moment.
The marketing video shows what looks like a keyless password manager in action and invites you to download it, but the URL it urges you towards is still just a Page Under Construction.
And at least some of the video looks like a mock-up: look for the configuration dialog which happily accepts the user’s keystrokes whilst unselected.
The idea is simple: you load your passwords onto your iPhone and – for as long as your iPhone is near your browser, and your browser is Chrome with the right plugin installed – you don’t need to type in your passwords at all.
Your phone talks wirelessly to your Mac (it’s a Mac in the video, at any rate) to supply the needed passwords automatically at the right time. As the narrator of the video enthusiastically explains:
Your smartphone is now your access key to every one of your accounts. Place your smartphone near your computer to unlock your accounts. Moving out of the room will automatically log off.
I particularly like the last part – the auto-logoff. I’m assuming the browser plug-in keeps polling your phone to make sure it’s still around, and clears your session cookies if it isn’t. That’s a fantastic feature.
But perhaps fantastic is the right word for the entire concept. That’s fantastic in the Oxford American Dictionary of English sense of “more appropriate to a fairy tale than to reality or practical use.”
I think that this approach, at least as it is presented in the video, is simply too easy.
If this were a contactless entry system for your car, it would be one which unlocked, started and automatically drove off in your vehicle every time you went near it. Worse, in fact: every time your keys were near it.
We’ve written numerous times on Naked Security about frictionlessness.
That’s the trendy social networking way of saying “in such a way that there are no pesky security warnings to click on first.”
Ironically, my advice is to take exactly the opposite approach to Ford’s password manager application:
1. Don’t get into the habit of automatically logging in to social media sites whenever you are at your computer. Login only when you actually want to use the relevant service, such as Liking an article or Tweeting a news item.
2. Don’t logout from social media sites only when you leave the room or finish using your computer. Logout as soon as you have finished your current transaction.
3. Don’t treat the additional friction caused by (1) and (2) as your enemy. Remind yourself how much safer modern cars are because of improvements in braking. And that’s all about increasing friction, not removing it!
Nevertheless, I would use an app like this if I could skip the autologon part and have just the automatic forced-logout feature. That would take me one step further than just locking my screen after N minutes of inactivity.
A screen lock stops other people doing stuff on my computer, which is important, but doesn’t stop already-running programs from doing things on my behalf behind the scenes.
*TWOC = Take Without Owner’s Consent. It’s the crime you commit when you nick a car to go joyriding. Technically, that’s isn’t stealing or theft, since you don’t intend permanently to deprive the owner of his wheels. It’s twoccing.