[STV0726]

Only 8k of the 20k raised and 7 days left...

Do you actually enjoy remembering passwords?

Don't you finally want some use for your NFC technology?

Support this already!!!

Hey CB bloggers, I think we need a reminder post to support this.

-STV on Z10STL100-3/10.2.1.2228 TMO US

[Dunt Dunt Dunt]

What?
Who?
Why?
Where?

[FOR RIM]

HERE
http://forums.crackberry.com/general...tarter-921082/

[thisisnotausername]

75% backed now!

https://www.kickstarter.com/projects...e/posts/821389

[FOR RIM]

that's great

[kbz1960]

So what are you tapping to log in? Your phone against your phone?

[BadGoliath42]

Tap against an NFC tag, which send your encrusted credentials through internet and to your desktop browser to log in on a website. Really cool!

Posted via CB10 on my Z30

[kbz1960]

Tap against an NFC tag, which send your encrusted credentials through internet and to your desktop browser to log in on a website. Really cool!

Posted via CB10 on my Z30

So the computer also has to use NFC too. What extra thing does a person need so their computer accepts NFC?

[BadGoliath42]

So the computer also has to use NFC too. What extra thing does a person need so their computer accepts NFC?

Let me be clearer and without bad autocorrect (encrusted...!).

You want to log in on a website on your PC Chrome-compatible browser.

You tap your NFC equipped phone with an NFC tag in the form of a bracelet, sticker, keychain, etc. and the app installed on your phone send your locally stored credentials to SympleID server which send them back to your PC browser plug-in without decrypting them. It is then locally decrypted on your PC and your credentials are entered on the webpage, so you can have a simple way to write and remember complex passwords.

I like it, it seems cool, helpful and secure, and I contributed for that reason.

Posted via CB10 with my BlackBerry Q5

[kbz1960]

Let me be clearer and without bad autocorrect (encrusted...!).

You want to log in on a website on your PC Chrome-compatible browser.

You tap your NFC equipped phone with an NFC tag in the form of a bracelet, sticker, keychain, etc. and the app installed on your phone send your locally stored credentials to SympleID server which send them back to your PC browser plug-in without decrypting them. It is then locally decrypted on your PC and your credentials are entered on the webpage, so you can have a simple way to write and remember complex passwords.

I like it, it seems cool, helpful and secure, and I contributed for that reason.

Posted via CB10 with my BlackBerry Q5

Thanks. I wasn't getting the tap to log in.

[dcaffeine8d]

Bump. We need more supporters. I too don't want to remember all my passwords. This is better than 2-step authentication.

Z30STA100-5/10.2.1.2947

[Clanked]

Yes everyone donate....this is an amazing idea!!!!!!

Kev! Where's kev to donate!?

Posted via CB10

[peter0328]

I'm not interested in this. The architecture and idea has less security than in market options.

2-step verification + BlackBerry Password Keeper works for me.

I trust a BlackBerry native app with security of my passwords. I trust NO third party with access to them.

Your system adds an insane part that I don't like. I do not want any authentication data being sent to any party other than the service being logged into. I don't like middlemen.

This system adds unneeded complexities to login and password management. It also theoretically creates a less secure system.

Even if you accept that the transfer of your password information through the Internet to a third party is somehow secure, the authentication used for this app is not.

In this system you are authenticated based solely on physical objects. If anyone has access to your phone they can tap your NFC "key" and authenticate (login). It does not require knowledge, an essential part of a secure multi-step verification system.

2-factor is a password (knowledge) and generated code (something you have, physical). This system replaces it with only physical. Physical only is worse than knowledge only.

No thank you. I value BlackBerry for security and your proposal does not increase security. It ATTEMPTS to increase convenience by lowering security, but I do not think even that is successful.

EDIT: Additional problems:

-Requires Chrome and plug-in. Your example saying good for Internet cafes and friends computers don't make sense. You won't be able to install Chrome and/or a plug in.

-Your "mobile, plug-inless" solution is a USB key. So now I need an NFC tag and a flash drive, and the computer I'm using must support using that flash drive to run whatever software is on it. Or I could just remember my password and cary less. Or just store my passwords in Password Keeper since I will already have my phone.

-You state the supported encryption methods of the library being used, but do not state which of those methods the system and application will be using at which point.

-You state that the app is protected with NFC token authentication. So if your token is damaged, lost, or stolen then you lose your passwords? Awesome. You state that the passwords can be backed up and restored, but mention nothing about how that is authenticated. Is it through that same NFC token, master password, nothing?

-Also it is trivial to clone the NFC tags used from a distance. It is also possible that a tag could be created to brute force the app until the ID is correct.



Posted via CB10

[BadGoliath42]

You have a nice strategy there peter0328: you're saying the whole system is bad because all individuals components of it are bad if they are taken independently.

Tell me, if you were an hacker, would you prefer trying to steal people phones AND crack their phone password AND beat them up to get their NFC tag (wherever they might be, on them or at home) or just stay safe at home and distribute some keylogger apps in unknowing people's downloaded files. Which, by the way, would also make your BlackBerry Password Manager's password retranscription void about security. And keep in mind that first of all, the person would have to know that he has to tap the tag on your phone *after* he installed the plugin on a computer and linked it to your account. The key here is to have more way to secure data. And by the time it is successfull (if it is), SympleID can improve it's service on it's own.

I personally think it will make a good product, but if it doesn't, I will just not use it anymore, that's all. No string attached: no passwords are stored on their servers.

Classic two-step authentification is way better, already, I agree. But by your philosophy, it wouldn't because someone can steal your phone and generate a temporary password. Or just use � I've forgotten my password � and use your contacts or anything on your phone to answer secrets questions, or receives emails from another email accounts. No, two-step is quite secure, these scenarios are improbable, but as anything else, not impossible.

Maybe the product is not for you because you seem to base your judgement on trust, and you do not trust this start-up to do a good job securing your data. Fine. But please consider a lot of people have very weak password (most used password is 123456) or writing them in a text file on their desktop. This product would be an exponentially more secure way to keep their passwords, without being exposed to keyloggers, phising and the like. Oh, and by the way, I hope your BlackBerry Password Manager's password are exported or saved somewhere else, because if you lose your phone, you lose them as well. Just saying.

No system is perfectly secure, and this one is no different, but some make a damn good job at keeping your stuff safe by finding inventive way no one else would think about. Add a couple of those systems (say, SympleID encrypted connection + BB10 Picture Password + regular PC password), and the probability a fraudulent person would crack one of these, or even know how it works at first, is low. All together, they are *not* at risk.

And you know, car thieves check on unlocked car first, and exposed objects inside the car. Same with quick-results hackers (not Anonymous type hackers, obviously).

And in the end, someone could just point a gun in your face in a dark alley and ask you for your passwords?

[STV0726]

...and we could utilize biometrics with deep scanning to prevent finger dismemberment to circumvent the security (if thieves know that lol).

Then they will have you and your thumb at gun point.

No perfect answer to security nor privacy.

-STV on Z10STL100-3/10.2.1.2228 TMO US

[MrGabriel]

Only $2,700 away!!! Three days to go! Come on, everyone we're so close!

Posted via CB10

[STV0726]

Well crap, now I have mixed feelings about it...

Part of me knew it couldn't be as secure as using just memory or a secure keeper that stores credentials locally and encrypted strongly AND using randomly-generated passwords with high entropy.

Le sigh.

Another issue with it is not all logins are browser-based. Steam? WoW? Just to name two.

-STV on Z10STL100-3/10.2.1.2228 TMO US

[BadGoliath42]

Well crap, now I have mixed feelings about it...

Part of me knew it couldn't be as secure as using just memory or a secure keeper that stores credentials locally and encrypted strongly AND using randomly-generated passwords with high entropy.

Le sigh.

Another issue with it is not all logins are browser-based. Steam? WoW? Just to name two.

-STV on Z10STL100-3/10.2.1.2228 TMO US

It will fit my needs, because 90% of passwords I need to enter are on a browser. If you mostly use off-browser passwords, maybe it's not the product for you.

For the rest, don't tell me all website credentials you need have two-step authentifications. And as I said above, having your phone stolen, anybody can have access to your life via emails, contacts, 'password forgotten' stuff sending you an email the thief would also have access to because he has your phone. So no change there.

But anyway, I understand this is not for everyone, but I think it will be good enough at launch so it can grow and add more features to it, so it can be awesome for anybody.

Posted via CB10 on my Z30

[Thunderbuck]

Everybody, please look at this Kickstarter! They're less than 48 hours from the deadline and still have a couple thousand to cover! They're SOOOOO close!

[Thunderbuck]

I'm not interested in this. The architecture and idea has less security than in market options.

2-step verification + BlackBerry Password Keeper works for me.

I trust a BlackBerry native app with security of my passwords. I trust NO third party with access to them.

Your system adds an insane part that I don't like. I do not want any authentication data being sent to any party other than the service being logged into. I don't like middlemen.

This system adds unneeded complexities to login and password management. It also theoretically creates a less secure system.

Even if you accept that the transfer of your password information through the Internet to a third party is somehow secure, the authentication used for this app is not.

In this system you are authenticated based solely on physical objects. If anyone has access to your phone they can tap your NFC "key" and authenticate (login). It does not require knowledge, an essential part of a secure multi-step verification system.

2-factor is a password (knowledge) and generated code (something you have, physical). This system replaces it with only physical. Physical only is worse than knowledge only.

No thank you. I value BlackBerry for security and your proposal does not increase security. It ATTEMPTS to increase convenience by lowering security, but I do not think even that is successful.

EDIT: Additional problems:

-Requires Chrome and plug-in. Your example saying good for Internet cafes and friends computers don't make sense. You won't be able to install Chrome and/or a plug in.

-Your "mobile, plug-inless" solution is a USB key. So now I need an NFC tag and a flash drive, and the computer I'm using must support using that flash drive to run whatever software is on it. Or I could just remember my password and cary less. Or just store my passwords in Password Keeper since I will already have my phone.

-You state the supported encryption methods of the library being used, but do not state which of those methods the system and application will be using at which point.

-You state that the app is protected with NFC token authentication. So if your token is damaged, lost, or stolen then you lose your passwords? Awesome. You state that the passwords can be backed up and restored, but mention nothing about how that is authenticated. Is it through that same NFC token, master password, nothing?

-Also it is trivial to clone the NFC tags used from a distance. It is also possible that a tag could be created to brute force the app until the ID is correct.



Posted via CB10

Peter, with all due respect (and I have a lot of it for you), you're making the "perfect" the enemy of the "good".

I don't know that I'd trust this with all my passwords. Maybe not even ANY of my online ones. But the idea that I could wear a wrist tag that will unlock my phone is very appealing.

Let's get this funded and see what they can do to make it BETTER.

EDIT: BTW, Peter, if you read a little more carefully you'd see that the USB key comes with Chrome PORTABLE with the Symple extension. No need to install on foreign computers.

[peter0328]

Peter, with all due respect (and I have a lot of it for you), you're making the "perfect" the enemy of the "good".

I don't know that I'd trust this with all my passwords. Maybe not even ANY of my online ones. But the idea that I could wear a wrist tag that will unlock my phone is very appealing.

Let's get this funded and see what they can do to make it BETTER.

EDIT: BTW, Peter, if you read a little more carefully you'd see that the USB key comes with Chrome PORTABLE with the Symple extension. No need to install on foreign computers.

Regarding the USB key: I am aware that it includes Chrome with the extension pre-installed. I was pointing out that not all computers have accessible or functional USB ports (disabled for security). My biggest complaint for it was that this solution would have me carry my phone, NFC tag, and USB drive while using Password Keeper requires just my phone.

And I don't know what you mean when you say you probably wouldn't use it for any online passwords. This can only be used for online (website) passwords.

Also, you cannot unlock your phone with this. You have to unlock your phone and then tap the NFC tag to authenticate web logins on a computer. It does not work like the Moto X phone unlock tag.

Posted via CB10

[nycspaces.]

Bump - these guys are actually trying to build something for BBRY 10, let's see who can support it, it would suck to see a BBRY project not get funded.

[Thunderbuck]

Regarding the USB key: I am aware that it includes Chrome with the extension pre-installed. I was pointing out that not all computers have accessible or functional USB ports (disabled for security). My biggest complaint for it was that this solution would have me carry my phone, NFC tag, and USB drive while using Password Keeper requires just my phone.

And I don't know what you mean when you say you probably wouldn't use it for any online passwords. This can only be used for online (website) passwords.

Also, you cannot unlock your phone with this. You have to unlock your phone and then tap the NFC tag to authenticate web logins on a computer. It does not work like the Moto X phone unlock tag.

Posted via CB10

You're right, I'd wound up with the impression that this would work to unlock the phone, though it's not impossible that they could take it there. It would take special support from BlackBerry, but it sounds like they already have a good relationship.

And, granted, Password Keeper is a one-device thing, but it still requires manual entry. As these guys describe it, they're not actually storing the passwords (they stay, encrypted, on your phone), so this would actually be MORE secure than LastPass.

Still think it's an interesting idea, and worth supporting.

[MrGabriel]

Only $1,750 to go!!

Posted via CB10

[KermEd]

All I can say is I'm not wearing a bracelet. And I'm not carrying another token.

Instead of this. Change your passwords every 6 months and use 2 stage authentication.

For those who want in the kickstarter though good luck - it'll probably get funded at the end.

Posted via CB from my LE