Is Battery-Free 2-Factor ID Secure?
An anonymous reader writes "There was a television program in Australia last week about Matthew Walker's visual battery-less two-factor authentication system called PassWindow. Essentially, you hold the clear plastic window up to the apparently random pattern on the screen of your computer, revealing a one-time PIN to type in for authentication. The plastic window has many advantages: difficult to copy or view over the shoulder, etc. Because there is no electronics, chip or battery, the PassWindow is extremely cheap to manufacture, giving it a big advantage over other two-factor authentication systems. However, I don't know about the security of the system. The apparently random pattern of lines in the PassWindow is analogous to a one-time pad, using a different subset of the one-time pad every time a PIN is needed. Is this a useful level of security for logging in to a bank account?"
Wrong. It is not translucent. (Score:4, Informative)
Please RTFA and the website. The filter is opaque. The user is sent gibberish as a password, and it only makes sense if you have the opaque window to create letters and numbers from the gibberish.
It is not possible to decode without knowing the one time pad. And the one time pad is implemented in the physical world, by the window.
If the author's claims are accurate (that it is possible to create tens of thousands of throwaway passwords per window before they need to be replaced) then this is an ideal authentication method IMO.
meh (Score:5, Informative)
From what I saw, this system might be able to protect you from a single compromise of your security. This would depend on a few factors, though. Given you can see both the pattern and the code, from a single session you could make some assumptions about what the code would be with a different pattern. It might take a few tries to generate the correct code. If the attacker can partially log in multiple times without being locked out, he may be able to choose a pattern that has fewer possible permutations for the code.
There's also a potential problem in that, if an attack is made on an account and the account is locked out, the card would have to be replaced. Otherwise, if the account is re-enabled without replacing the card, the attacker would be able to continue to make attempts to log in. I suppose you could also alert the customer to change their password due to a security breach.
I don't think this will protect very well against a customer's own system being compromised, with an attacker being able to monitor multiple log-ons. There are simply too few possible permutations in those 7-segment displays.
I'd also like to mention there's a potential problem if the monitor's resolution is too high. If, for instance, the user wants to log on via a netbook, the code displayed may be too small to match up with the code on the card, making logging in impossible.
It's better than nothing.... (Score:2, Informative)
It's better than nothing.
The trick is that yes, it does leak information: each time you use it, an eavesdropper gets a little more information, perhaps enough to "get in". Or perhaps not.
On the other hand, the server end knows what cells may or may not have been compromised and can optimize around that.
The beauty of such grilles (and they have been known for centuries) is that they are _cheap_ and it's not unreasonable for the server end to predict when a grille's private information has been used up and sends you a new one well before that time.
So- not new, but not bad, either.
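The two comments above ("meh" and "It's better than nothing") make the same pair of points: every login exposes the cells that were used, and the server is the one party that knows exactly which cells those were, so it can rotate through the least-exposed cells and retire the grille before its information is used up. The following is an added toy model of that server-side bookkeeping, written for this thread; it is not PassWindow's protocol or code, and the grid size, number of transparent cells, PIN length, decoy count and the "three exposures means compromised" policy are all constructed assumptions.

```python
"""Server-side model of a grille login (PassWindow-style), constructed for
illustration. The grille's secret is the set of transparent cell positions.
Each login lights a PIN in the least-exposed transparent cells plus random
decoy digits elsewhere; the server counts exposures per cell and retires
the grille once too few fresh cells remain to build another challenge."""
import hmac
import random

GRID = 40       # assumption: the screen strip and the grille both have 40 cells
KEY_CELLS = 12  # assumption: 12 of those cells are transparent (the secret)
PIN_LEN = 4     # assumption: each login reveals a 4-digit PIN
DECOYS = 16     # assumption: 16 non-grille cells are lit with random digits
MAX_USES = 3    # policy assumption: a cell shown 3 times is treated as burned


def make_grille(rng):
    """Issue a grille: the secret is which cell positions are transparent."""
    return frozenset(rng.sample(range(GRID), KEY_CELLS))


def make_challenge(grille, used, rng):
    """Build one screen. PIN digits go into the least-exposed grille cells,
    DECOYS other (opaque) cells get random digits, the rest stay blank.
    Returns (screen, expected_pin, cells_used)."""
    ranked = sorted(grille, key=lambda c: (used[c], rng.random()))
    cells = sorted(ranked[:PIN_LEN])  # the user reads visible digits left to right
    screen = [None] * GRID
    for c in cells:
        screen[c] = rng.randrange(10)
    decoy_pool = [c for c in range(GRID) if c not in grille]
    for c in rng.sample(decoy_pool, DECOYS):
        screen[c] = rng.randrange(10)
    pin = "".join(str(screen[c]) for c in cells)
    return screen, pin, cells


def read_through_grille(screen, grille):
    """User side: the lit digits visible at transparent positions, in order."""
    return "".join(str(screen[c]) for c in sorted(grille) if screen[c] is not None)


def verify(entered, expected):
    """Constant-time comparison of the typed PIN against the expected one."""
    return hmac.compare_digest(entered, expected)


def record_use(used, cells):
    """After a login, each cell that carried a PIN digit is one exposure older."""
    for c in cells:
        used[c] += 1


def compromised_cells(used):
    """Cells an eavesdropper watching every session has seen MAX_USES times."""
    return {c for c, n in used.items() if n >= MAX_USES}


def needs_replacement(used):
    """Retire the grille once fewer than PIN_LEN fresh cells remain."""
    fresh = [c for c, n in used.items() if n < MAX_USES]
    return len(fresh) < PIN_LEN


def single_login(seed=1):
    """One challenge/response round with a deterministic RNG (demo only;
    a real server would use secrets.SystemRandom)."""
    rng = random.Random(seed)
    grille = make_grille(rng)
    used = {c: 0 for c in grille}
    screen, pin, cells = make_challenge(grille, used, rng)
    seen = read_through_grille(screen, grille)
    return {"grille": grille, "pin": pin, "cells": cells, "seen": seen,
            "ok": verify(seen, pin)}


def simulate_lifetime(seed=1):
    """Run logins until the replacement policy fires; returns (count, used)."""
    rng = random.Random(seed)
    grille = make_grille(rng)
    used = {c: 0 for c in grille}
    n = 0
    while not needs_replacement(used):
        screen, pin, cells = make_challenge(grille, used, rng)
        assert verify(read_through_grille(screen, grille), pin)
        record_use(used, cells)
        n += 1
    return n, used


if __name__ == "__main__":
    n, used = simulate_lifetime()
    print(f"grille retired after {n} logins; burned cells: {sorted(compromised_cells(used))}")
```

With these numbers the policy retires every grille after 9 logins, whatever the seed: 12 cells, 4 per login, each allowed 3 exposures. That is the lever the "better than nothing" comment describes: the server chooses how much leakage it tolerates per cell and mails a new grille before that budget is spent, and because the grille is cheap that is a cost it can afford.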
Re:Easily Rectified (Score:4, Informative)
This image is going to be scaled to be the exact same size on the screen in any web browser.
Only in your dreams. Lots of people lie to their OS about their monitor DPI, because said OS is deficient.
short answer: no (Score:3, Informative)
Re:Wrong. It is not translucent. (Score:4, Informative)
You're only using a subset of the window at a time. It is a single object which acts as many many one-time pads.
Re:Wrong. It is not translucent. (Score:2, Informative)
I wouldn't say that. The "one time pad" is static. If it were truly an OTP, you would either need hundreds of these cards, or at least several that could be combined together in thousands of different ways, and they would have to have lots and lots of different combinations to make it work.
The bottom line is the physical factor is the weak link in the chain. The key-length is too short.
Re:Password in clear-text (Score:3, Informative)
It's like having a few dozen CVVs. If you snoop one of the CVVs on the card it won't help you when the server asks you for a different one.
If you can snoop a few dozen transactions you can crack it, sure, but if you're in a position to do that the other person is basically screwed anyway.
Re:Chaum-like (Score:3, Informative)
The whole point of this is *2* Factor authentication. You use this as well as a password (something you have, something you know). Stealing one or the other is useless. Key loggers are useless because you need to physically have the device or a copy of it to make the system work.
Really this is a stab at an inexpensive version of something like an RSA Card which uses a cryptographically secure RNG that is synced to a master server when it is initialized. The numbers it generates every 60 seconds are only good for a small window so along with a password it makes systems very hard to crack.
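For comparison with the electronic token the last comment describes (a code that changes every 60 seconds and is only accepted inside a small window), here is an added example of the standard HOTP/TOTP construction from RFC 4226 and RFC 6238, which is the open-spec version of that idea; it is written for this thread and is not RSA's SecurID algorithm. The 60-second step is taken from the comment (the RFC default is 30), the one-step skew tolerance and the replay check are design choices of this example, and the secret in the usage section is the RFC 4226 test key.

```python
"""Time-window one-time codes (RFC 4226 HOTP / RFC 6238 TOTP), added example.
Both sides share a secret and a clock; the code is an HMAC of the current
time step, so a code is only good for its window and replaying it fails."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 60, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the time step."""
    return hotp(secret, int(at_time // step), digits)


class TokenVerifier:
    """Server side: accept a code only within +/- skew steps of its own clock
    and never accept a step that has already been used (replay defence)."""

    def __init__(self, secret: bytes, step: int = 60, digits: int = 6, skew: int = 1):
        self.secret, self.step, self.digits, self.skew = secret, step, digits, skew
        self.last_step = -1  # highest time step already consumed by a login

    def verify(self, code: str, at_time: float) -> bool:
        base = int(at_time // self.step)
        accepted = None
        for delta in range(-self.skew, self.skew + 1):
            candidate = base + delta
            expected = hotp(self.secret, candidate, self.digits)
            if hmac.compare_digest(code, expected) and candidate > self.last_step:
                accepted = candidate
        if accepted is None:
            return False
        self.last_step = accepted
        return True


if __name__ == "__main__":
    key = b"12345678901234567890"  # RFC 4226 test secret, not a real key
    v = TokenVerifier(key)
    code = totp(key, 1000)
    print(code, v.verify(code, 1000), v.verify(code, 1000))  # second use is a replay
```

The window logic is what the comment means by "only good for a small window": a code captured by a keylogger is useless a couple of minutes later, and with the replay check it is useless even inside the window once the legitimate user has logged in with it.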