The content of this blog is my personal opinion only. Although I am an employee - currently of Nvidia, in the past of other companies such as Imagination Technologies, MIPS, Intellectual Ventures, Intel, AMD, Motorola, and Gould - I reveal this only so that the reader may account for any possible bias I may have towards my employer's products. The statements I make here in no way represent my employer's position, nor am I authorized to speak on behalf of my employer. In fact, this posting may not even represent my personal opinion, since occasionally I play devil's advocate.

See http://docs.google.com/View?id=dcxddbtr_23cg5thdfj for photo credits.

Friday, December 01, 2017

2FA watch app please! not phone

Duo Mobile: Duo Security:


My new employer uses Duo's push two factor authentication.  This is good...

But oh my gosh do I wish that this 2FA app was a watch app and not a phone app!  I am coming to hate having to go find my phone...  For some reason I need to do this much more often than in my personal 2FA usage - probably because I spend more time at work on my PC than banking, etc.  And Gmail and LastPass 2FA persists across (some) reboots.

If my employer's 2FA was time based, I suppose that I could clone the TOTP to run on both my phone and my watch. Although I never trusted the TOTP implementation for my Pebble SmartWatch - I never trusted that the Pebble had good enough security, both inside the watch, and in the synced-to-phone app.

MORAL: SmartWatches need good security.

I would hope that the Apple Watch has good security.  That's a large part of the reason I switched from Android to iPhone.  Now if only the Apple Watch had decent battery life, I would gladly switch.  Being able to use my watch as 2FA would almost be enough to justify paying for cell phone connectivity for the watch independently, without going through the phone.

In my dreams, the smart watch would carry the SIM card, and temporarily delegate it to whatever more battery endowed device it was close to. Like phone, or tablet, or laptop.  The smart watch could/should be the most secure device – more physically secure, or at least less likely to be left behind. Passwords by clicking buttons or tapping. Potentially endowed with biometrics like fingerprint, and heartrate continuous monitoring – redo slow authentication when taken off.

Will NNs for pleasant authentication – fingerprint, face, voice – fit in the SmartWatch form factor and battery profile?  I am willing to relegate training to a synced-to-SmartPhone app; I would prefer NOT to let biometric authentication live in the cloud, although it is probably too late.  All of our faces are belong to Google, and Facebook, and ….

Amusing idea;  passwords as a sequence of silly facial expressions.  NNs to recognize you tapping your favorite song on the phone.  Conscious control of heartrate or body temperature or galvanic skin response for authentication. Perhaps this will be the route to direct neural interfaces, the incremental step that provides partial value.


My Apple Watch-owning friends are happy to rub it in that they have a watch app for Duo 2FA.

As are some of my Android Wear friends - except they say that too many clicks are required on the watch app, so they often pick up the phone.

For the Record, I am currently wearing a FitBit Blaze not-really-smart watch.  Mainly as a Fitness Tracker, and that mainly because of FitBit's social fitness challenges with my friends. I was very disappointed to realize that the Blaze provides transient calendar notifications, but does not actually store my calendar on the watch.   Although FitBit bought Pebble, it doesn't yet support Pebble-style watch apps.