I tell this story a lot. But I think in the time of smartphones and such it also represents the only real secure site I thought was truly secure from what I knew of it. This was before smartphones were common, but I think it was ahead of its time in that way.<p>I worked for a company that occasionally would service some of our hardware onsite. One customer was a company that did a lot of work for the military and they had "that site" that a few folks visited. Here was how that worked:<p>Nothing except your body and your clothes left the site, anything you brought stayed onsite (laptops that we brought onsite were left behind / effectively disposable, later you couldn't even bring those, they provided one). All that stuff belonged to the military / whomever you interacted with at the site.<p>No electronics, cameras, etc. that were not previously approved were allowed and you were told you would not be leaving anytime soon if you had something "unexpected or unauthorized".<p>It was highly suggested that nothing was in your rental car other than your keys, the equipment you needed as they searched the car and the folks would take what they wished.<p>If you realized you had something you didn't want to in the car it was highly suggested you do not turn around if you are at all close to the location and to drive up and immediately tell them you dorked up and brought something. This was a fairly remote location so they probably knew you were coming before you saw the gate and the guards didn't like surprises.<p>Upon arrival you parked, were blindfolded and driven from the gate to the site, you never actually saw the outside of the site until you were in the building. You were never alone at any time. Trips to the bathroom while at the site were monitored... in person by a guard with a rifle.<p>Now all that sounds ominous but everyone reported that the folks there were very professional (not friendly but professional).<p>The point of that whole story was that even a while ago someone said "any electronics" were a threat and decided that they had to go to extremes to limit their access. Still today I think that was the closest to a "sure" policy.
I always thought that Android's 3x3 dot pattern draw password thing was superior against this type of over-the-shoulder attack, as long as you turn off the tracing effect. Without tracing and if you do it quickly, it just looks like you’re dragging your thumb randomly all over the phone.
If I were giving a security recommendation to famous people and congresspeople I would recommend using a password like this. You might think it’s incredibly insecure, but imagine this GIF contained that 6 digit number that the congressman uses for all of his accounts. Suddenly, a ton of other services and passwords are vulnerable to an attacker.<p>In reality a lot of iPhones now require authentication at the app level for apps that have sensitive data.<p>To each his own, but knowing how public you are and how many people would want your passcode, I think the best practice is to use something dumb like 6 of the same keys.
The problem isn't the password or the camera that captured it.<p>The problem is that the phone required a password in that scenario-- same user, phone never left his vicinity, probably not a long interval between uses. Being more selective about when to require a master password is a better protection model IMHO.
I wonder what AI tech is being developed around detecting pin code entry on phones using passive CCTV networks.<p>If you process the feeds for public transit security cameras, I wouldn't be surprised if you can read the pin codes for a huge swath of the population. It would also reduce the need for law enforcement to try to get a suspect to tell them their passcode. Just look up that time they rode the subway 3 weeks ago and watch them enter it.
That is an iPhone X-like device, which only has Face ID or a PIN.<p>A PIN is more secure than a fingerprint and Face ID. But at least use a combination of either one with a PIN to make it more secure.<p>Since the device was already on and it directly showed the PIN screen, Face ID is disabled and instead he chooses to only use a very very weak PIN.<p>Oh dear.
I don't lock my phone at all. Never have. However, with the new iPhones that don't have a home button, I believe that Apple is forcing you to either use face unlock or a passcode. There is no choice to just leave it unlocked.<p>So, as soon as my iPhone 6s stops working, I will have to choose to: 1) Give in and use my face to unlock. 2) Use a dumb passcode like 000000. 3) Upgrade to the newest iPhone that still has a home button (I think iPhone 8) or 4) Become an Android user.
I worked for a well-known company today, many years ago when it was smaller. When the IT team created new accounts for employees, it was the standard Pa$$word password for everyone. It was up to the user to change their password. They had no password rotating rules or requirements.<p>Anyway, many years later after I started, IT hires a person who wants to do good while in IT. This person discovers the CEO is still using the day one password he was given. The IT person decides to email the CTO, the director of IT, and the head of HR warning them the CEO is still using his default password.<p>I’m not clear what exactly the wording was, but the IT person skipping over the chain of command was bad enough it got them fired.
I'm not an iPhone user but I thought that Apple warned you about this kind of password. It was covered quite a bit when Kanye was caught with a 000000 password when meeting with Trump.<p><a href="https://www.cnet.com/news/kanye-west-meets-with-trump-reveals-iphone-passcode-is-000000/" rel="nofollow">https://www.cnet.com/news/kanye-west-meets-with-trump-reveal...</a>
And yesterday over a dozen members of Congress barged into one of the Congressional versions of this site without authorization and while recording video, audio, and taking photos on their personal smartphones.<p>Here is a Twitter thread about why that is such a problem:<p><a href="https://twitter.com/MiekeEoyang/status/1187032800572125191" rel="nofollow">https://twitter.com/MiekeEoyang/status/1187032800572125191</a>
111111 is perfectly acceptable for a phone password. His password was just broadcast to the entire world; at least using 111111 means that he doesn't have any illusions about how secure it is.<p>Phone passwords are for protecting things from your family.