This doesnt necessarily mean that you are completely hosed. The moment your knowledge of these credential(s) (pbkdf and more, the stuff you type into the launcher) become shared, you have essentially lost your soley control to this initial boostrap piece of data that is the root objcect to your account. Access limits imposed could maybe implemented via higher level means but do not come as a fundamental property of such networks. Accessing doesnt have limits or means limited to certain number of sessions or times. access this piece of essential primary data. Well “logging in” means in these architectures pbkdf based (and similar) and “password never leaving computer” but the pbkdf result (and more misc tech details) simply pointing to your “master record” and thus credentials on the already existing and persistent network, does mean you can “log in” a.k.a. For now I think we definitely have to leave this aside and let Maidsafe focuss on the mechanics of the network. Wait for mainstream traction and solutions like these will become necessary and built - but that´s still years ahead. We are still far away from a release candidate. Solutions you are asking for can be implemented by using applications or hardware, they don´t have to be done at core level. The type of security you are asking for is a usecase for mainstream users who need high security out of the box (because they don´t care enough for themselves). Your concerns are really important, but they can and will be addressed once the raw network is there. I think you are overthinking this (positively, I´d say). It would just inconvenience the attacker.Īctually that would be a big disadvantage for everyone who intends to be logged in with different devices at the same time #3devicesatatime If your credentials are found out then a limit of one login at a time is not going to help you except in the rare cases where you know about the credentials found out, or you never log out. Then the network would have to have a concept of “logged out” Cannot pay anyone then because you couldn’t log in
WWW WUALA COM LOGIN PC
What about payments out and about and you left your PC at home logged in. Then you could not get your data/research held in private storage. Imagine you go to an important meeting or letecure or whatever and you left your computer at home signed into SAFE. I would see it a distinct major disadvantage to limiting it to one only login at a time. If an attacker has your credentials then you would have to stay logged on forever if SAFE only allowed one login at a time. I see no issue being able to log onto your account from one or many locations. So as soon as they type in the last digit needed for the 2FA they are automatically logged in and this closes the window of opportunity for the attacker to be first.Īt first it seems fun that you can login from different computers, but the fun stops when an attacker can just upload, edit and delete people their data.
There is yet another problem, what if an attacker can use an automated script to login, that logs in before the user logs in? Maybe this can be overcome, that users are no longer required to click on “login”. This means that they need your phone to login for the second time, asuming that you will be quicker with logging in. If you log in first and others are not able to login again, unless they type in the next 2FA that is provided to you. The thing is, if an attacker has an keylogger they can just type over what you type when you log in and also be able to log in. Account recovery - what happens when credentials get out?Ĭan somebody try to log in with my credentials on their computer?Ĭheck your private data had a question about account recovery, but I think we also need 2FA to protect against attacks.
0 kommentar(er)
