malice
February 26, 2016, 12:42am
1
Since there is only one password on the safe network for everything, it means that anyone able to get it have access to literally every of your data, as well as all your money ( safecoins) and personal info, etc…
I think compared to the current system this has obvious advantages but it also has some downsides, for example a hacker that would get access to one of your account today would be able to get the jackpot on the safe network.
So to me it seems very important to have a solution like trezor where you can create a pin/password and login securely even on an infected machine.
What do you guys think?
4 Likes
neo
February 26, 2016, 12:51am
2
You may wish to read up on these topics. This topic has been well discussed.
A good idea is to search the forums first
There is no way to retrive one’s data if one’s account details are compromised or lost correct? And even if one sets up account recovery with a third party that’s of limited use. Now what if one is unwittingly victim of a keylogger attack. Many computers are victims of rootkits these days and it’s not inconceivable that hardware manufacturers would be unscrupulous and install backdoors into their products. Or the gov’t could get ahold of your machine somehow, or it could otherwise be co…
I mentioned this on another thread - but it is probably worthy of it’s own discussion.
Could we build a SAFE account just to guard our credentials for our real SAFE account?
So - I log into SAFE with username password, PIN, and that could bring up an app that has a visual quiz that is keylogger resistant… Select on the 3 pictures that you uploaded out of the 20 displayed for example. Passing the quiz would log you into your real SAFE account. The first one is just an account to hold your a…
** problem ** the MAID is safely stored in the users head, but a key logger on your own machine or the machine in a public space could easily capture your login data and give access to all your information.
This follows from the two lengthy threads "DOS attack’ and ‘proof of unique human’, so I thought it best to start a fresh topic.
** partial solution 1** the use of external ‘trustworthy devices’ to authenticate.
Trezor (http://www.bitcointrezor.com ) for the bitcoin wallet is interesting;…
I have original factory install Win 7. I disabled the update feature a while back. Today I got this incredibly dishonest message from Microsoft in the form of a bright Yellow Danger Triangle (like a hazard button on a car dashboard) Stating: “Optional Update Delivery is Not Working, YOU MAY BE THE VICTIM OF SOFTWARE COUNTERFEITING To use all Microsoft Windows (reg) such as updates from Windows Update; get the latest updates; and receive product support, your copy of Microsoft Windows (reg)…
When someone signs into their account, random pictures could be generated. That person would then look for their predetermined picture. Below that picture would be a randomly generated pass code. That pass code would then be a one time use code used to login to their account.
And plenty more
1 Like
Warren
February 26, 2016, 1:26am
3
MS totally sold out, its become part of prism.
1 Like
@malice :
Since there is only one password on the safe network for everything, it means that anyone able to get it have access to literally every of your data, as well as all your money ( safecoins) and personal info, etc…
For this reason it would be wise to segregate your data in the short term, having different accounts for different purposes. Not all your Safecoin in one place etc.
In time, other ways of mitigating these risks will be developed, including hardware keys as you suggest. It is an important point you raise, and it will be dealt with, I’m sure of that.
5 Likes
4M8B
February 27, 2016, 8:07pm
5
Onetime pass with offline (hardware) signing like ‘trezor or similar’ transaction signing would be cool but dunno if that’s possible…
Two factor authentication would go a long way here. Even if they log your key strokes, the second factor will change and void their use anyway.
4 Likes
Traktion:
they log your key
If they do go 2-factor auth, it would be good to make sure there are options that don’t require a cell phone.
piluso
February 28, 2016, 1:27am
8
The options shuffled so far in the forum has been SQRL and Fido’s U2F.@dirvine was looking favorable the SQRL, not sure about U2F.
I wrote a post detailing the U2F mechanism:
@dirvine Is there any impediment to implement FIDO U2F in SafeNet?
[FIDO Universal 2nd Factor (U2F)]
[Quote]“The technical working group of the U2F have a proposal on the table, so far it hasn’t been any major objections, in essence now that the browser can talk to the authenticator, one of the key pieces that the authenticator device needs to be implemented is what we call test of user presence.
So it is not good enough to leave your token in there, so if you are going to authe…
Which was a spinoff from this forum thread:
Thanks for reminding me that we’re working with a new paradigm. The “usual” gets ingrained sometimes.
And I’m glad your comment brought others in to explore the “local compromise” scenarios. Not nearly as severe as a third-party data-store being compromised, but still good to be cognizant of.