@Rasheed187, If your passwords are indeed stored locally on the system that alleviates some of my concerns about this being an over-the-air device. But without reviewing the implementation of the encryption scheme and understanding how the bluetooth identifer is generate and handled by the device and receiving system, I would still be hesitant about man-in-the-middle and side-channel attacks. Presuming a worse case scenario they have a copy of your key-chain, how does the device generate the blue-tooth identifier (remember RSA keys)? Is it predictable that someone could determine a pattern in the generation? How does the transmission and decryption process actually work? Are they transmitting two different bits of information by blue-tooth and also by USB when plugged in? Can you limit the number of guess attempts? Also, is the authentication process complemented by other factors such as a user pass-phrase? Interesting product to say the least, I've experimented with products like Yubi-key before, so interested to see who this fairs in comparison.
So if you lose your EveryKey device, or leave it at home when you go out, a badguy can just use it to gain access to your computer and all your accounts until you realize it has been lost or stolen or left behind and you contact Everykey to have it frozen. No thank you. I will stick with my password manager/safe where all I have to remember is one password, the one to my encrypted safe.
lol, one key to rule them all... take my belongings and identity now please; saves me waiting for the bad guy. This is cool: "Customizable up to 3 Meters"; until you are parked at red lights and some dude is ready to steal your data... good ol' drivebys
I'm holding my reservations since I still don't see any technical specifications or detailed reports on this product. But at first glance, I agree with you guys that this type of security product that has me
@ Everyone Thanks for the insight, so perhaps it isn't such a good idea. Actually, that is an understatement.
The thought behind it is good, the execution is not. And it is not really a new concept either. The US DoD has been using something similar for nearly a couple decades called a CAC card - though for the most secure access, it requires two-factor authentication (the card, and a PIN or password). What would be better than having to carry around this device that might get lost or stolen is to inject the RFID chip into your arm - like they do with dogs and cats should they run away.
It's not exactly the same, but Authy looks interesting to me. Funny enough I always wondered why no one came up with an idea to offer a universal 2FA system (for the desktop) that works with all sites. This one seems to work for sites that support Google Authenticator, I just wished more companies would sign up, like online banks and shops. https://www.authy.com/app/
