[Info-vax] OpenVMS x64 Atom project

[Stephen Hoffman]

On 2021-06-07 18:11:32 +0000, Dave Froble said:

> First, do away with passwords.  Don't some phones now need a 
> fingerprint to access?

Various Apple iPad, iPhone, and Mac models use biometrics (Face ID, or 
Touch ID) as a means to reduce the frequency of prompting for the 
passcode or password.

But not to replace the password.

All of those models do require a passcode or password for access, and 
use the passcode or password for access to the key used for data 
encryption and decryption; what Apple calls accessing a "keybag".

As for alternatives to passwords, we're getting closer with RFID 
proximity tags and other tools. But we're not there yet.

Digital certificates are also effectively gonzo-length passwords with 
some extra added math, and certificates aren't going away any time soon.

> Guess that data could be copied, and used.

That storage is part of what the so-called secure enclave is used for 
with Apple devices; to make access to biometric data more difficult.

There've been discussions around here about password and certificate 
protections and storage for OpenVMS, and about support for SGX and TPM 
enclaves for secure computing and secure storage, but that's not (yet?) 
on the VSI roadmap.

Biometrics can have pitfalls, too. Face ID can mis-detect close family 
members, just to keep things interesting.

> Remote access is always an issue, and it just ain't going away.

Multi-factor authentication somewhat reduces the risk of getting 
phished, among other approaches.  There are various apps that permit 
phones and watches to provide a second factor for a login, too.

> Then, one must convince the management to cough up the funds for such 
> things.  That ain't gonna happen.  At least not before lots of pain.

Incremental changes are hopefully typical, for apps that are actively 
maintained.

But yes, there are a lot of insecure apps around on OpenVMS, and 
insecure OpenVMS configurations.


-- 
Pure Personal Opinion | HoffmanLabs LLC