Blackberry ID and BBM : why the weak security?
- Google, Apple and Microsoft as well as many other services offer 2 step authentication. BlackBerry still doesn't.
For all their vaunted security, I find this pretty lame and makes me take BlackBerry less seriously when it comes to security.
Posted via CB1007-07-15 11:44 AMLike 3 - I disagree...anyone with your BBID and your password can take over your BBM, BBWorld and probably wipe your phone. With 2 step authentication they either need your authenticator or the text message with the auth code.
And not everyone is on BES...
I'm concerned that BlackBerry is lax in protecting my account, and wonder why they haven't implemented a beefier authentication option.
Posted via the CrackBerry App for Android07-07-15 12:31 PMLike 3 - I respectfully disagree.
Google, Apple and Microsoft IDs are associated with cloud services which (potentially) backup all content of your device.
The BlackBerry ID however is not linked to any such service.
Even if my BlackBerry ID + password would be leaked, the attacker would not have access to any private communication, files, contacts or calendar .
The attacker could only remotely wipe my device, and I am tempted to say that I would deserve this little treatment when I leaked a password.
I like to make things secure, but I use my limited resources for the critical vulnerabilities.
Posted via CB1007-07-15 01:40 PMLike 2 - There is no excuse for weak security from a company who sells it's self as the standard in mobile security.
Posted via CB1007-07-15 01:43 PMLike 2 - Prem WatsAppCrackBerry Jester of JestersMaybe it's already in the pipeline as we speak?
:-)
� Chendroid or not? - QNoX powered ftw...? �07-07-15 03:22 PMLike 0 -
As such, it's pretty laughable that BlackBerry, a supposedly security-conscious company, doesn't offer 2FA - this has been considered Security 101 for some time now.07-07-15 03:30 PMLike 0 - Security is about cost / benefit.
You don't spend millions on a bank vault to protect 8 rolls of toilet paper you just bought right?
I don't see the point of spending millions on a two factors authentication just to prevent someone from logging in to your account.
There is nothing much they can access. They can't see your previous conversations, your contacts, your personal information.
And as for BBM, it's associated to 1 PIN only so you'll know if your account is compromised.
So again, security is about a good balance between cost and benefits. It's not about getting the best most secure protection and just basically creating an empty, unbreakable shell
Posted via CB1007-07-15 03:38 PMLike 0 -
I've always thought BlackBerry should offer two step verification. I use it on all of my accounts that have the option.07-07-15 04:56 PMLike 0 - What if it isn't you? What if BlackBerry's password database is broken into? This is the entire point of two-factor authentication - an extra layer of protection if other security measures fail. Any company that takes security seriously should be prepared for the worst-case scenario.
As such, it's pretty laughable that BlackBerry, a supposedly security-conscious company, doesn't offer 2FA - this has been considered Security 101 for some time now.
The BlackBerry ID is NOT an asset, because it is not linked to any cloud service.
This was my main point and interestingly your response didn't address it.
The OP is comparing BlackBerry with Google, Apple and Microsoft, however, since BB 10 BlackBerry doesn't store any of your data on their servers anymore.
No data = no asset = no need for higher security level.
I don't like it when my boss, co-workers or business partners come up with unreasonable requests based on false information, which waste my time and money for no benefit.
And I think this request belongs to this category.
However, just to avoid any misunderstanding, you may tell me which of my data will be stolen with my BlackBerry ID in the wrong hands?wasabiGT likes this.07-08-15 02:41 AMLike 1 -
BlackBerry protect in of itself grants them the ability to track you, lock your phone or remotely destroy data on your device including contact information.
Couple that with BBM doing a contact cloud sync, allowing them to kick you out of BBM and hijack your contacts on your behalf (i.e. Spam or fraud potential).
One end case, if your a developer, access to your entire app catalogue including sales information and full access to modify or delete your apps... Potentially allowing an intruder to damage your digital assets in such a way as they are unrecoverable (due entirely to the appworld vendor portal submission system).
But that's everything I can think of... I imagine the bigger problem might be how to do you do two factor when the second factor comes back to the device anyway?
Posted to CB via my Passport | Lloyd Summers | FileArchiveHavenLazyEvul and Superdupont 2_0 like this.07-08-15 02:53 AMLike 2 - Now tell me, how could I use two-step to log in my phone, where all my two-steps I have require my phone?rthonpm and AnimalPak200 like this.07-08-15 03:16 AMLike 2
- The lack of two step verification is the least of your worries if you use BBM: the messages aren't even end to end encrypted, something that even whatsapp(owned by Facebook of all companies) offers. I started using BBM when I got into bb10 but it's time to jump ship. Download telegram and enjoy the peace of mind of a secure, open source messenger.
Posted via CB1007-08-15 03:22 AMLike 0 -
Tracking my location could work until I find out the breach, assuming location service is always on.
Yes, something like this could happen here, but no classical data loss.
One end case, if your a developer, access to your entire app catalogue including sales information and full access to modify or delete your apps... Potentially allowing an intruder to damage your digital assets in such a way as they are unrecoverable (due entirely to the appworld vendor portal submission system).
For me this would be reason enough to offer a two factor auth.
I think for the above threats the attacker doesn't need your device, but another BlackBerry (which in turn makes the attracker somewhat traceable for LEA)?07-08-15 03:23 AMLike 0 - The lack of two step verification is the least of your worries if you use BBM: the messages aren't even end to end encrypted, something that even whatsapp(owned by Facebook of all companies) offers. I started using BBM when I got into bb10 but it's time to jump ship. Download telegram and enjoy the peace of mind of a secure, open source messenger.
Posted via CB10
And typically the app asks you to upload all your contacts informations, which is afaik at least for most Android version unavoidable.07-08-15 03:26 AMLike 0 -
- There are several ways how strong authentication could be implemented and it would make sense.
Furthermore I have not been able to use strong authentication for the enterprise store, allowing me access to the whole BES12 cloud.
This is something I believe is a bigger omission...
RSA is a security company and all resources which might be remotely worth securing are secured with strong authentication.
Secure passwords are secure as long as they are just available to the right person. Keylogger and many other attacks are posing a high risk that even a 100 character password of an admin from a large organisation is leaked obtained by a hacker.
All information that could be gathered from the BES is not too sensitive, but can be used in a more elaborate attack.
Posted via CB1007-08-15 04:18 AMLike 0 - Prem WatsAppCrackBerry Jester of JestersThere are several ways how strong authentication could be implemented and it would make sense.
Furthermore I have not been able to use strong authentication for the enterprise store, allowing me access to the whole BES12 cloud.
This is something I believe is a bigger omission...
RSA is a security company and all resources which might be remotely worth securing are secured with strong authentication.
Secure passwords are secure as long as they are just available to the right person. Keylogger and many other attacks are posing a high risk that even a 100 character password of an admin from a large organisation is leaked obtained by a hacker.
All information that could be gathered from the BES is not too sensitive, but can be used in a more elaborate attack.
Posted via CB10
:-)
� Chendroid or not? - That is the question... �07-08-15 04:28 AMLike 0 - Whether or not 2 factor authentication is necessary (and valid arguments have been made) is not the point. If Blackberry's only real competitive advantage is security, it must at least give the impression that relatively simple to implement measures are in place.
And since BlackBerry has complete access to your phone via the ID, I would not assume that private data is not sitting on their servers.
Posted via the CrackBerry App for Android07-08-15 07:29 AMLike 0 - BBM Money is already used in some countries. That in itself should warrant 2-step authentication. I don't think that BBM Money could go global without it.07-08-15 07:44 AMLike 0
-
Actually BB 10 devices have a hidden monitoring tool for admins (disabled by default), which is normally used for trouble shooting, but I would imagine one could use it to detect suspicious traffic.
Unfortunately I have forgotten the name of this tool...07-08-15 07:54 AMLike 0 -
Posted to CB via my Passport | Lloyd Summers | FileArchiveHaven07-08-15 09:28 AMLike 0
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
Blackberry ID and BBM : why the weak security?
« Is BB going to give us the option to uninstall Amazon appstore?
|
New BB phones should run Android »
Similar Threads
-
OK people let's get real with these Android rumors and clear some stuff up...
By Anthony Roberts5 in forum General BlackBerry News, Discussion & RumorsReplies: 291Last Post: 09-28-15, 04:50 PM -
Why isn't my Bluetooth turning on (BlackBerry Classic)?
By CrackBerry Question in forum BlackBerry ClassicReplies: 1Last Post: 07-08-15, 09:53 AM -
Can I download the UBER app to my BlackBerry 9900 Bold Touch ?
By CrackBerry Question in forum BlackBerry Bold SeriesReplies: 3Last Post: 07-08-15, 05:48 AM -
Can you use the new Striiv Watch band on the BlackBerry Playbook?
By CrackBerry Question in forum BlackBerry PlayBookReplies: 0Last Post: 07-07-15, 11:07 AM
LINK TO POST COPIED TO CLIPBOARD