View Single Post
Old 24 September 2018, 09:10 PM
Richard W's Avatar
Richard W Richard W is offline
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 26,443

Originally Posted by Lainie View Post
Obtains my existing what? I mean yeah, if someone steals g-your device while that setting is on **and** you're logged in, that's a risk.
I meant device, yes. I also meant that in some cases, it's probably quite easy to log in to one's device, at which point all the saved passwords and security information would be readily available.

My current laptop supposedly recognises my fingerprint. Sometimes it doesn't, for example when I've just got out of the bath and it's a bit wrinkly, but on the whole, it does, and so it should be secure. I've not run the reverse test by trying to get anybody else to unlock it with a fingerprint, but I'll take it on trust that it wouldn't work. However, there's still both a password and a PIN backup... I used a decent password (one that I'd not used before and almost forgot myself) but the PIN is not very secure. I should probably remove the PIN option, in fact, but when I was setting it up, it prompted me to add a PIN and so I did. That's the current weakest link on my laptop, and it's not one I had on my last laptop.

My phone also uses a PIN, and that's also weak. It would be stronger if I used a longer number, I suppose... but either way it's not as weak as the swipe option (also based on four digits, so far as I can see) as many people use. I could get into most of my friends' phones just by paying more attention as I sat next to them, and (if they watched me type my PIN) they could do the same to mine. The reason I still prefer typing to swiping is that swiping leaves a visible, physical trail on the screen that typing doesn't.

And these days, once you're in to somebody's phone, you've probably got access to everything else as well. Especially if you're using something like a Chromebook, which is explicitly controlled by Google. But even if you use any sort of cloud-based service such as gmail, Google Drive, Slack or others, and even if you're reasonably aware of this stuff and aren't just clicking "Sign up with Facebook!" on everything.

I've been surprised myself about how much of my personal information has suddenly been available on completely unrelated devices without my intent. I think the most alarming was when, four or five years ago, I decided to check my personal gmail account at work, looked at the email, went back to Chrome (the browser I preferred at the time) and found that it had tried to import all my personal bookmarks from my machine at home into my work browser. I stopped it from doing so - or reversed it, as I think it had already done so before I realised - but the very fact that it had tried to do so was alarming to me. And still is...

(eta) On top of that, half the time I don't even need to log in to my laptop when it activates... if I tell it to sleep, I probably do need to log back in, but if I don't, sometimes it just wakes up again and is already logged in. Maybe I push the button with the right finger to activate the fingerprint analysis, but I'm sure it also sometimes happens just from clicking the mouse. I haven't worked that behaviour out yet, either. And I don't explicitly log out of my laptop, or even tell it to sleep, every time I stop using it for a while.

Last edited by Richard W; 24 September 2018 at 09:18 PM.
Reply With Quote