Everykey: New Product that Replaces Passwords and Keys

Discussion in 'hardware' started by Rasheed187, Jan 2, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
  2. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    @Rasheed187,

    If your passwords are indeed stored locally on the system that alleviates some of my concerns about this being an over-the-air device. But without reviewing the implementation of the encryption scheme and understanding how the bluetooth identifer is generate and handled by the device and receiving system, I would still be hesitant about man-in-the-middle and side-channel attacks. Presuming a worse case scenario they have a copy of your key-chain, how does the device generate the blue-tooth identifier (remember RSA keys)? Is it predictable that someone could determine a pattern in the generation? How does the transmission and decryption process actually work? Are they transmitting two different bits of information by blue-tooth and also by USB when plugged in? Can you limit the number of guess attempts? Also, is the authentication process complemented by other factors such as a user pass-phrase? Interesting product to say the least, I've experimented with products like Yubi-key before, so interested to see who this fairs in comparison.
     
  3. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,270
    Location:
    Nebraska, USA
    So if you lose your EveryKey device, or leave it at home when you go out, a badguy can just use it to gain access to your computer and all your accounts until you realize it has been lost or stolen or left behind and you contact Everykey to have it frozen.

    No thank you.

    I will stick with my password manager/safe where all I have to remember is one password, the one to my encrypted safe.
     
  4. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    lol, one key to rule them all... take my belongings and identity now please; saves me waiting for the bad guy.

    This is cool: "Customizable up to 3 Meters"; until you are parked at red lights and some dude is ready to steal your data... good ol' drivebys ;)
     
  5. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    I'm holding my reservations since I still don't see any technical specifications or detailed reports on this product. But at first glance, I agree with you guys that this type of security product that has me :argh:
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    @ Everyone

    Thanks for the insight, so perhaps it isn't such a good idea. Actually, that is an understatement.
     
  7. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,270
    Location:
    Nebraska, USA
    The thought behind it is good, the execution is not. And it is not really a new concept either. The US DoD has been using something similar for nearly a couple decades called a CAC card - though for the most secure access, it requires two-factor authentication (the card, and a PIN or password).

    What would be better than having to carry around this device that might get lost or stolen is to inject the RFID chip into your arm - like they do with dogs and cats should they run away.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    It's not exactly the same, but Authy looks interesting to me. Funny enough I always wondered why no one came up with an idea to offer a universal 2FA system (for the desktop) that works with all sites. This one seems to work for sites that support Google Authenticator, I just wished more companies would sign up, like online banks and shops.

    https://www.authy.com/app/
     
Loading...