Forgot your password?
typodupeerror
Crime Patents Security Apple

Apple Patents Power Adapter That Recovers Lost Passwords 210

Posted by Soulskill
from the charging-for-security dept.
Sparrowvsrevolution writes "Apple has patented a power charger that also serves as a password recovery backup. If a user forgets his Macbook's password, for instance, he simply plugs in the cord, and it would provide a unique ID number stored in a memory chip in the adapter that acts as a decryption key, unscrambling an encrypted copy of the password stored on the machine. The technique, according to the patent, incentivizes better password use by avoiding traditional password recovery techniques that annoy users and lead to disabled or easily-guessed passwords. The new technique is only secure, the patent admits, in cases where the user leaves a mobile device's charger at home. So the idea may make the most sense for long-battery-life devices like iPods, iPads and iPhones rather than laptops, at least until laptop batteries last long enough that users don't take their power adapters with them and expose them to theft."
This discussion has been archived. No new comments can be posted.

Apple Patents Power Adapter That Recovers Lost Passwords

Comments Filter:
  • Reasonably stupid (Score:5, Insightful)

    by Anrego (830717) * on Friday January 06, 2012 @12:45PM (#38610814)

    Well that's a reasonably stupid idea. Store the password with something many users are going to carry around with their laptop...

    And even if you didn't.. you forget your password on the road, then what? And this is less annoying than having to answer a previously entered question?

    • by Lumpy (12016) on Friday January 06, 2012 @01:00PM (#38611028) Homepage

      "And even if you didn't.. you forget your password on the road, then what? "

      you suffer the consequences. You know life has those.

      • Re: (Score:2, Insightful)

        by asdf7890 (1518587)

        you suffer the consequences. You know life has those.

        Consequences? In a world where it is McDonald's fault people are fat, tobacco's fault people can't breath, the insurance industry's fault that medical care for their fat tar-filled bodies is expensive, and people are up in arms in the UK because the NHS won't stump up for free reversal surgery because their elective operation done on the cheap turns out to have been a bad idea? There are too many people out there who fail to acknowledge they are responsible for any consequences.

        • by RingDev (879105) on Friday January 06, 2012 @01:13PM (#38611180) Homepage Journal

          I would admit that there are too many people who fail to acknowledge their responsibilities, but I would venture that there are even more people who make a living by convincing/tricking people into failing to acknowledge their responsibility.

          -Rick

          • Re: (Score:2, Insightful)

            by Anonymous Coward

            You mean like someone convincing people it's a good idea to use your power adapter as an encryption key?

        • by Noughmad (1044096)

          Why is this modded down? You're totally right, we the people never want to face any consequences, even if the actions are obviously stupid. One problem of our society is that in many cases we don't have to.

          You mentioned McDonalds and the healthcare, but I'd say it all starts earlier, in schools. Teachers can't do anything without parents getting all up in arms, so the kids can get away with anything. Student loans and credit cards all exist to create an illusion of no consequences.

          • by mattack2 (1165421)

            Student loans and credit cards all exist to create an illusion of no consequences.

            (I do not work for a credit card company.)

            Credit cards are CHEAPER for me (due to cash back), and more convenient (almost never have to go to the ATM, only for a very few places that I go to that only take cash). I auto-pay every month, so pay no late fees nor interest. They're also safer than cash, because I am legally responsible for at most $50 in losses if I report a stolen card quickly enough (and it is my understandin

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      OR, provide two power adapters... one that has your master PW and other that is a sort of "valet key" equivalent of power adapters that you take with you.

      • by Ferzerp (83619)

        At that point, why on earth would you integrate it with the power adapter and not just a cheap dongle? That's why this is, erm, patently, stupid.

        • by idontgno (624372)

          Any stupider than making two dongles (power brick, valet key) necessary?

          That's why this is, erm, patently, stupid.

          I see what you did there.

    • Re: (Score:3, Insightful)

      by Jazari (2006634)
      As the summary says, this is not for laptops. But I find it a very good idea for all kinds of other devices, and well deserving of a patent.
    • I would hope that only Apple would have the back door to this one and just because they patent it doesn't mean they will use it. I think cell phones is where it would be applied and not laptops if applied though. You know they are one of the few manufactures with a proprietary cable and no HDMI out for such expensive devices rolling on a 30% profit margin while Foxconn only gets under 1% for actually building Apples mobile devices. Now we have lots of Android devices that Apple wont be capable of putting ou

    • Not so stupid (Score:5, Insightful)

      by mschaffer (97223) on Friday January 06, 2012 @01:25PM (#38611344)

      The more junk they cram in the power adapters, the harder it is for 3-rd party companies to make copies without Apple's consent.

  • And in one move (Score:5, Insightful)

    by Kazymyr (190114) on Friday January 06, 2012 @12:45PM (#38610816) Journal

    Kills the 3rd party accessory market. Because you won't be able to get "crypto" power blocks from anyone else. Wanna bet?

    • Re:And in one move (Score:5, Insightful)

      by TheGatesofBill (637809) <sunookitsune@kitsunet.org> on Friday January 06, 2012 @12:50PM (#38610878) Homepage
      Can you get Magsafe power adapters from anyone else anyways? I've never seen any, and a quick Googling says no.
      • Re:And in one move (Score:5, Informative)

        by slartibartfastatp (613727) on Friday January 06, 2012 @01:01PM (#38611056) Journal

        Can you get Magsafe power adapters from anyone else anyways? I've never seen any, and a quick Googling says no.

        Our friends from China say "yes, you can" [dealextreme.com]. I burned two original magsafe PA, then bought this one by U$ 30 (w/ shipping) two years ago. Still working.

        • Re:And in one move (Score:4, Interesting)

          by dubbreak (623656) on Friday January 06, 2012 @01:34PM (#38611456)
          I bought one from there too (85w [dealextreme.com] for my macbook, since I thought it might run cooler).

          The led on the magsafe connector doesn't work, but the adapter works great and was a lot cheaper than the official one. Apparently the t-style magsafe aren't very robust and the internal cable gets wrecked. Of course Apple doesn't make that part of the adapter easily replaceable like the power cord (which is much less likely to get wrecked). They really should make it a replaceable part. Dell builds a sturdier power adapter for their entry level laptops (at least in my experience).
      • Re:And in one move (Score:5, Insightful)

        by Speare (84249) on Friday January 06, 2012 @01:07PM (#38611116) Homepage Journal

        I'll repeat a post I wrote on this previously.

        I really liked the MagSafe(tm) concept when Apple first came out with it, but Apple has been such a fucking prick about the damned things. They don't offer any significant range of options to use the plug, and they actively stymie all attempts of the marketplace to fill that void. Want a piggy-back battery to supply power to the laptop? Apple doesn't make one. Want to tie in with a docking station? Apple doesn't make one. At first, when asked about third party adoption of the plugs, they were "oh, well, I guess they'll start coming out any time now." Then it was "oh, well, guess nobody's trying to license them." Then when manufacturers tried to license them, they were refused. So one manufacturer decided to eat the waste and rely on the doctrine of First Sale. They BOUGHT Apple(tm) adapters, chopped off the white wallwart transformer, and soldered the MagSafe(tm) pigtail to their own battery packs, and they were still attacked by Apple's lawyers. WTF, Apple. People have varying needs to make use of your products. Step up to offer the solution, or get out of the way.

    • by Marble68 (746305)

      Bingo - well put. Would mod if I had points.

    • Re:And in one move (Score:5, Informative)

      by IVI V K (2022732) on Friday January 06, 2012 @12:54PM (#38610956)

      Apples magsafe power supply uses as patented magnetic connector.
      As far as i know there is no 3rd party power block available for mac laptops due to this connector.

      They have already "killed" this accessory market.

    • by Borland (123542)

      Kills the 3rd party accessory market. Because you won't be able to get "crypto" power blocks from anyone else. Wanna bet?

      This is rather diabolical if you're right. Oh I'm sure any 3rd party could figure out what piss-ant encryption solution they're providing and duplicate the feat. But if it's protected by patents -- well, that's a lawsuit for you. Not only are you infringing on IP, but you're circumventing protections.

      Is there a tech equivalent of the phrase, "for the children!"? We're doing it for the consumer, the consumer sir!

    • As if they need a technical restriction, when they're so heavy handed with the legislative restrictions.
      I'd never buy, for example a phone, that didn't have a micro USB charger, or a stereo that had a wacky propitiatory interface like an "ipod dock".

      It shouldn't be legal to block or tax 3rd party accessory makers, and what's needed is more forced standards for consumer screwing companies like Apple.

      • by ackthpt (218170) on Friday January 06, 2012 @01:00PM (#38611034) Homepage Journal

        As if they need a technical restriction, when they're so heavy handed with the legislative restrictions.
        I'd never buy, for example a phone, that didn't have a micro USB charger, or a stereo that had a wacky propitiatory interface like an "ipod dock".

        It shouldn't be legal to block or tax 3rd party accessory makers, and what's needed is more forced standards for consumer screwing companies like Apple.

        It's only an Apple Tax (same as a Microsoft Tax) if you go that way.

        Every time you buy into some proprietary technology you sell a little piece of your soul.

        • by bkaul01 (619795)

          It's only an Apple Tax (same as a Microsoft Tax) if you go that way.

          Every time you buy into some proprietary technology you sell a little piece of your soul.

          OK ... good luck building your own non-proprietary car, TV, computer hardware, etc.

    • by mcmonkey (96054)

      I'm a PC, but I'm guessing this also means Macs aren't the kind of folks who might have one power adapter at home and another one for traveling.

      I have 3 different adapters I might use with my ThinkPad between home, work, and traveling. Would you need a matched set of adapters with the same memory chip in each? Would using an adapter with a different chip change the encoding on the passwords?

      • by tlhIngan (30335)

        I'm a PC, but I'm guessing this also means Macs aren't the kind of folks who might have one power adapter at home and another one for traveling.

        I have 3 different adapters I might use with my ThinkPad between home, work, and traveling. Would you need a matched set of adapters with the same memory chip in each? Would using an adapter with a different chip change the encoding on the passwords?

        Thta's the entire point. The password is encrypted using the "home charger" key. Presumably, you'd travel with a trave

    • by Samalie (1016193)

      Actually, if Apple was smart about this, they could open up a bigass revenue stream for both themselves and 3rd parties...

      Licence the magsafe adapter (Yeah, I know, unlikely, but hear me out) for a hefty sum to a number of quality 3rd parties, but do NOT license the crypto power brick.

      That way, we, as the consumer, can purchase a non-crypto power brick to carry with us when we travel, leaving the crypto power brick safely at home where it belongs.

      Of course, this is Apple, so they'll be smart towards only th

    • by idontgno (624372)

      Kills the 3rd party accessory market. Because you won't be able to get "crypto" power blocks from anyone else.

      Which, I'm sure, Apple deeply deeply regrets. Given their broad and enthusiastic support of the accessory aftermarket.

      Let's face it. Apple learned from their failed experiment in licensing out their technologies for others to manufacture [wikipedia.org]: you don't EVER undercut your own market. If you do license it out, you make sure your license fee revenues more than compensate for the lost sales.

    • by LDAPMAN (930041)

      There is not a third party market for laptop power supplies. Only Apple makes the MagSafe connector. You do have a point for iPad and iPhone devices.

    • Or notebooks on which you can write the password and keep at home .. next to the power adaptor.

  • by chispito (1870390) on Friday January 06, 2012 @12:48PM (#38610842)
    Than a normal USB security token? It seems like a power adapter is likely to be taken with the user. A smaller token could be carried on the person of the user. Or you can just write your password on a post-it in your wallet.
    • For two factor authentication it's something you know (password) and something you have (the power cord) if both are required to use the computer. Letting one without the other log in seems less secure.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        This isn't two factor. This new adapter requires you to have either the password OR the power adapter. Since this is sort of the inverse of two factor, can we call this 1/2 factor?

      • Why not just store it on the computer, then. Something you know (password) and something you have (computer). There's no advantage to the power brick being your second authentication, as it's useless without the computer.

        This seems like a pretty cool idea until you realize that you are likely to store your adapter (password key) with the computer, and it's probably nearly as likely to be stolen along with the laptop in it's carrying case. Better to have a USB on a keyring. (Not that Steve Jobs would be cau

        • by jeffmeden (135043)

          Why not just store it on the computer, then. Something you know (password) and something you have (computer). There's no advantage to the power brick being your second authentication, as it's useless without the computer.

          This seems like a pretty cool idea until you realize that you are likely to store your adapter (password key) with the computer, and it's probably nearly as likely to be stolen along with the laptop in it's carrying case. Better to have a USB on a keyring. (Not that Steve Jobs would be caught dead with a keyring...well, I guess that's not a real argument anymore).

          Actually, he merely wouldnt be caught dead driving a car with a license plate, or parking said car farther away than the nearest handicap spot (wonder why he didnt just go full monty and park it on the grass by the doors though.) A keyring, if it were simple enough (only having one key on it, perhaps) would probably fly with him.

    • by azadrozny (576352)
      I agree. A separate USB device to store all your device passwords in one spot is better. I would prefer this to having to keep each charger paired with a specific device. I keep one or two chargers on our kitchen counter, since our phones, eReaders, MP3 players, and most other devices all charge using the same micro or mini USB connector. Power adapters for new devices get tossed in a bin in the basement, usually never to be hear from again.
    • by TheRaven64 (641858) on Friday January 06, 2012 @01:30PM (#38611404) Journal
      It's different in one very important way: you are much less likely to lose the power adaptor than the security token. You'll use the power adaptor every day or two, while you'll only use the security token when you get locked out of your device. It's like the original iPod dock: my iPod was the only mobile device I owned that never had the battery go flat. The dock plugged into my HiFi so I could listen to music at home and so I had a reason for always dropping it in the charger. Every other mobile device got plugged in when I noticed it needed charging (Apple, cleverly, no longer includes the dock, so loses this advantage).
  • by Anonymous Coward

    Password use *one way* hashing systems for a reason.

    Thank you Apple, for once again eliminating desktop security.

    • All hashes are one way because data is thrown away. You can't even reverse simple checksums like CRC32.

      This system doesn't store a plaintext password. It's like a secondary authentication system. Think SSH: You can authenticate using a password OR public key cryptography.

      • This system doesn't store a plaintext password.

        How so, if the patent has an image of a dialog saying: "Password Retrieved. Your Password is XXXXX"?

        The power adapter itself doesn't store the password, but the system does.

  • by Anonymous Coward

    So the idea may make the most sense for long-battery-life devices like iPods, iPads and iPhones

    Given the number of people I see charging up their smartphones in the office, I'd say the Apple patent people haven't quite grasped that smartphone battery life is a long way from what many people would like.

    (Also, given that most non-computer devices like iPhones charge over USB, this seems distinctly less impressive. 'Put some data on some flash memory inside the battery charger' and transmit it over the USB con

  • OK, it's a daft idea for various security related reasons -- but that's fine. People patent daft ideas all the time; doesn't mean they plan to implement them.

    What I don't get is, why bring power adapters into it? Why not patent a more general case, then if someone builds it into a power adapter, the patent covers it. If someone builds it into (say) an MP3 player, the patent covers that too.

    • by Belial6 (794905)
      Because the dongle as a general tool has been in use widely for several decades? They are patenting the specific use storing the dongle in the power brick.
  • by PSVMOrnot (885854) on Friday January 06, 2012 @12:53PM (#38610930)

    Security is only as strong as it's weakest password recovery method.

    This whole idea completely forgets that the whole purpose of your password might be to stop you little-brother/offspring/tech-illiterate-housemate (ie: anyone who lives with you) from screwing up your device.

    • You miss the point of the patent. It's to prevent other people from doing something which reads on their invention. Not necessarily to implement it themselves.

      That said, Apple will probably use this, but I doubt they will turn this into their default and only password recovery method. More likely, it will be an (expensive) optional add-on. This is direct in-house competition to all the crazy ways third parties offer to keep passwords secure for the Windows environment.

      You have taken a patent and assumed

  • ... a paper clip which is capable of encrypting eBooks.

    I suppose its better than going to the Apple store, shuffling your feet and mumbling sheepishly you somehow forgot your password, but what if I have a power adaptor and swiped your phone, can I now hack it?

    • by Asic Eng (193332)

      but what if I have a power adaptor and swiped your phone, can I now hack it?

      No you would need my adapter as well as my phone. When you set the password, then a backdoor key is stored in the adapter. You could do the same thing with any USB stick - essentially the patent is just about putting the USB stick into the power supply.

  • by slaker (53818) on Friday January 06, 2012 @01:00PM (#38611030)

    Seriously?

    Boot while holding down Apple-S
    mount -uw /
    rm /var/db/.AppleSetupDone
    shutdown -h now

    Bam. Administrator access and all the password resetting glory you need thereafter.

    I don't even have a Mac and I know how to do it. How fucking easy does it need to be?

    • Re: (Score:3, Insightful)

      by Sez Zero (586611)

      Seriously?

      Boot while holding down Apple-S

      I tried this, but it is asking for my FileVault password. Now what?

    • by iamacat (583406)

      I guess you haven't heard of FileVault.

    • by Noughmad (1044096)

      Unless whole-disk encrption is used, all data on the disk can be accessed from a LiveCD or a LiveUSB.

    • by maccodemonkey (1438585) on Friday January 06, 2012 @01:44PM (#38611614)

      "I don't even have a Mac and I know how to do it."

      Which explains why you don't know that FileVault or a firmware password (both recommended by Apple for secure machines) blocks this.

    • by jo_ham (604554)

      If you do that you lose the keychain.

      This allows you to recover your password without blowing all that out of the water.

      It will also work with full-disk-encryption FileVault.

      I know it's already trivial to reset an admin password on an OS X machine - all you need is in OS X install disc and the ability to press "C" while booting and you can change the password. It won't get you past FileVault or the keychain though.

  • Huh? (Score:5, Insightful)

    by Brooklynoid (656617) on Friday January 06, 2012 @01:01PM (#38611046)
    From TFA: "So the idea may make the most sense for long-battery-life devices like...iPhones"

    In what universe is an iPhone a "long-battery-life" device?
    • by Frankie70 (803801)

      In what universe is an iPhone a "long-battery-life" device?

      It is a long battery-life device - as long as you are holding it correctly.

    • by Speare (84249)

      In what universe is an iPhone a "long-battery-life" device?

      A laptop is only good for a couple hours away from the power adapter. If the laptop goes in a carrying case, the power adapter goes in the case too.

      A phone, even a thirsty smart phone, can last a day or two. People walk away from their power adapter for significant periods of time.

  • by volpe (58112)

    The new technique is only secure, the patent admits, in cases where the user leaves a mobile device's charger at home.

    And even then, it's only secure if nobody breaks into your home. And you'll need a separate power adapter for use outside home. Under these conditions, you can ditch the home power adapter and replace it with a piece of paper with the password written on it.

  • This is just a rather ridiculous convenience/security tradeoff for now, but it will be interesting once the enhanced power adapter becomes required.

    Think of the possibilities. Every device and accessory, even every component of the computer, could have cryptographic protection built right into the hardware in a way that cannot be reverse-engineered. A secure computer can only contain secure hardware (and vice versa), only approved devices can be connected to an approved computer, only an approved computer c

  • How about this (Score:5, Interesting)

    by mysidia (191772) * on Friday January 06, 2012 @01:18PM (#38611252)

    Put another chip in the wall outlet, that will communicate with a charger device using BPL, Data over Powerline, short range communications, RFID, or bluetooth; e.g. a "Password recovery" agent installed in a device somewhere else in the home plugged into another wall outlet, or built in to the outlet itself. wireless AP, linksys box, NAS, TVs, other home appliances would be good candidates to form a BPL-enabled self-organizing P2P network for facilitation of password recovery and theft prevention.

    Some of the devices could incorporate a GPS location reading. If the device's location has changed significantly, then it is less familiar.

    When the user logs into their computer, and authenticates, there will be a program they run on their computer to cause the power unit to "learn" which will scan the BPL or bluetooth for other devices.

    Require the presence of other "familiar" home devices, for the password recovery procedure to be initiated.

    This could also help if the charger got damaged or lost... just plug a new one in, enter the "House PIN #", and have it build the same shared secret key based on the identities of the familiar devices surrounding it that have an agreed upon shared key.

    Also, high theft-risk non-mobile devices could enter an auto-lockdown mode, if powered on and no "familiar devices" are around.

  • Makes you wonder what Apple is doing now...without your consent or knowledge.

    • by jo_ham (604554)

      What?

      You think they need a power adapter that sends a token to unencrypt a password stored on your Mac (the adapter does not have the password) to skim a password that you type into your Mac in plaintext every time you log in? Assuming, of course, that they were going to "skim" it.

  • by iamacat (583406) on Friday January 06, 2012 @01:25PM (#38611340)

    All it took is sticking a PostIt note on the side. Can I now patent moving the sticky to the inside of my closet, where it will be more secure from friends and allow me to take the charger for travel?

  • It's not going to stay "power adapter with password," that's just the simplest and most abstract (read: absent real hints of product plans) example they came up with for the purposes of the patent.

    I predict that eventually the communications will go elsewhere, for a push-button support system like OnStar for AppleCare. Subscription fees FTW!

  • You can forget many passwords. But who would forget the password for the device he uses every day?
  • So, if someone robs my home they can get all the supposedly secure information stored in my machine if they also take the charger? And this passes as secure? As you kidding me?

    If they want an external piece of hardware to unlock my computer, just make it use the IR or Bluetooth and be small - so I can keep it on my person. Other than that, it'll be pretty much useless.

  • by deblau (68023) <slashdot.25.flickboy@spamgourmet.com> on Friday January 06, 2012 @03:06PM (#38612750) Journal

    This is not a patent, this is an application publication. You can tell because it says "pub no" in the upper right corner instead of "patent no". For reference:

    Link to publication from TFA [pat2pdf.org]
    Link to a real patent [freepatentsonline.com] (believe it or not)

    TFA author can't tell the difference, which is incredibly obvious once you know what you're looking for. And a lot of applications never become a patent.

    Now that the application has published, anyone who knows of any prior art might be able to let the patent office know about it if this application isn't examined before the new law kicks in September 16 this year. See the America Invents Act [gpo.gov], section 8 (starts bottom of page 32).

  • This will surely be implemented - just like all the other Apple patents that were previously wildly discussed on Slashdot:
    - the color-changing case
    - the mouse with rotary dial
    - liquid cooled notebooks
    - et bloody cetera

    The first to find a Slashdot article about an Apple patent that actually was implemented gets my next 5 Mod-points as "Insightful", no matter how stupid their posts. Yes, even if you are one of my foes.

The trouble with opportunity is that it always comes disguised as hard work. -- Herbert V. Prochnow

Working...