Quote:
Originally Posted by bloozemanAZ
That is absolutely poor advice as once the Connected Drive account is linked with the car anybody with the password can access the car via the iOS/Android app. My last 3 years of my past gig was all around IoT (aka Internet of Things) security and this basically falls into that camp. The consideration is that this is one area in which hackers are actively targeting as their surface area along with the obvious financial services, retail and healthcare.
|
My role is perhaps even a little more focused... and I couldn't agree more.
A world without passwords is better and achievable even today to a limited extent, but we're just not yet there for many/?still-most? non-local authN scenarios; in the meantime, complex passwords are a necessity.
// FOREWARNING--boredom potential high
: @those that understand digital identity even a little: most credible identity systems (Active Directory being akin to my own child and one that I designed/built for many years) don't actually store any knowledge of the real password--that's not an embellishment, we literally have no idea what it was originally. The process that takes us from [no idea <-> to being able to validate it, nonetheless] is called hashing (or message digest) and is used as part of a larger suite of cryptographic operations that occur when you logon. There's nothing in this process--literally nothing--that could give a $hit about any of the characters used in a plaintext password string... so why the hell does BMW apparently care? I don't know, but it doesn't fill me with confidence...