good podcast guys! Agree with all your comments about Blyk, just waiting for a decent operator to come out with a similar model that works! :)
bogart
· 1 year ago
Great podcast all around, I thought Jay Fenton had some great insight into the Symbian announcement.
Ideas for fingerprint-less security: The camera could be used to either recognize your face, or you could carry a 2D barcode "fob" on your keychain (or elsewhere) that could be scanned with the camera. Oh, thought of another: a bluetooth fob that is on your keychain. All of these sound kind of cumbersome, but that's the brainstorming for now.
What might be better would be for only certain apps to rrequire this extended security (another signing mechanism) so that, say, Mail 4 Exchange requires it, but you do not need to jump through those hoops just to make a call. If that were the case, it would be nice to have an area on the file system similarly protected, making the handset a secure file storage device.
Ben Smith
· 1 year ago
Yes - Jay knows his stuff good 'n proper... a privilege to have him on.
Interesting thoughts re: security. I'm not sure our corporate security types would go for the token approach - they prefer to match 'something you have' and 'something you know'... a token might be one too many 'something you haves'... although it sounds like an option for consumers potentially.
Definitely like the tiered authentication bit - that ties nicely with Nokia's attempt to add dual use personal / business features to the E-series so they could be secured independently... like so much here though I think it would all be in the execution. Anything more cumbersome would be unwelcome on my devices!
bogart
· 1 year ago
The hope with the tiered idea was that you would encounter the extra authentication bits less often than you currently do. I have not run into what you were talking about (luckily, my phone is just for fun at the moment) so my theory may not mesh well into real-world application.
I get the "something you have, something you know" paradigm, but isn't something you have + something else you have more powerful? Might have to look at what Schneier has to say on that, but it seems like having the phone and having your face/having a fob would be more secure than a passcode that could be guessed, brute forced, etc. Again, something for real-world experimentation as this is just brainstorming at the moment.
Ben Smith
· 1 year ago
Two 'something you haves' are obviously better than 1 in some scenarios, but in a number of others there's no benefit at all - a thief can steal my phone and token from a hotel just as easily as the phone alone for instance.
WRT the passcode, M4E enforces a 3 (or is it 5?) attempts then completely wipes the device to prevent brute forcing.
All Comments
Ideas for fingerprint-less security: The camera could be used to either recognize your face, or you could carry a 2D barcode "fob" on your keychain (or elsewhere) that could be scanned with the camera. Oh, thought of another: a bluetooth fob that is on your keychain. All of these sound kind of cumbersome, but that's the brainstorming for now.
What might be better would be for only certain apps to rrequire this extended security (another signing mechanism) so that, say, Mail 4 Exchange requires it, but you do not need to jump through those hoops just to make a call. If that were the case, it would be nice to have an area on the file system similarly protected, making the handset a secure file storage device.
Interesting thoughts re: security. I'm not sure our corporate security types would go for the token approach - they prefer to match 'something you have' and 'something you know'... a token might be one too many 'something you haves'... although it sounds like an option for consumers potentially.
Definitely like the tiered authentication bit - that ties nicely with Nokia's attempt to add dual use personal / business features to the E-series so they could be secured independently... like so much here though I think it would all be in the execution. Anything more cumbersome would be unwelcome on my devices!
I get the "something you have, something you know" paradigm, but isn't something you have + something else you have more powerful? Might have to look at what Schneier has to say on that, but it seems like having the phone and having your face/having a fob would be more secure than a passcode that could be guessed, brute forced, etc. Again, something for real-world experimentation as this is just brainstorming at the moment.
WRT the passcode, M4E enforces a 3 (or is it 5?) attempts then completely wipes the device to prevent brute forcing.