      02-22-2020, 08:40 PM   #89
bloozemanAZ
Quote:
Originally Posted by limeypride View Post
My role is perhaps even a little more focused... and I couldn't agree more.

A world without passwords is better and achievable even today to a limited extent, but we're just not yet there for many/?still-most? non-local authN scenarios; in the meantime, complex passwords are a necessity.

// FOREWARNING--boredom potential high : @those that understand digital identity even a little: most credible identity systems (Active Directory being akin to my own child and one that I designed/built for many years) don't actually store any knowledge of the real password--that's not an embellishment, we literally have no idea what it was originally. The process that takes us from [no idea <-> to being able to validate it, nonetheless] is called hashing (or message digest) and is used as part of a larger suite of cryptographic operations that occur when you log on. There's nothing in this process--literally nothing--that could give a $hit about any of the characters used in a plaintext password string... so why the hell does BMW apparently care? I don't know, but it doesn't fill me with confidence...
Absolutely SPOT ON (as I live in the world of certificate based authentication, hashing plus salt, etc.). So to your point in regards to Connected Drive's password usage, it's obviously done so in plain text (hopefully at least via an encrypted TLS tunnel over the wire). Didn't call that out in my last update with my password change, etc. as per the boredom being potentially high.

In fact with iDrive 7 and digital keys (in essence a certificate based solution) BMW should drive down that road (pun intended) vs passwords as a whole. However, then you enter the IT software paradox dilemma of backward compatibility still leading to the need for passwords. However, if done right it's the hash/digest vs the obvious plain text in use today!

Last edited by bloozemanAZ; 02-22-2020 at 08:47 PM.
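An added example, not part of either poster's message and not code from BMW or Active Directory: a minimal salted-hash enrollment and verification routine illustrating the point made in the thread that the hashing step is indifferent to which characters a password contains. PBKDF2-HMAC-SHA256, the iteration count, the record layout and the sample passwords are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 600_000  # assumed work factor for this example


def _to_bytes(password: str) -> bytes:
    # Normalize so the same typed password gives the same bytes on every client.
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def enroll(password: str) -> dict:
    """Return the only data the server keeps: salt, work factor and digest."""
    salt = os.urandom(16)  # unique per account, defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", _to_bytes(password), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(record: dict, attempt: str) -> bool:
    """Re-derive the digest from the attempt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", _to_bytes(attempt), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


# Constructed sample passwords: punctuation, quotes, spaces, non-ASCII, long.
SAMPLES = [
    "plainword1",
    "p@ss w0rd!';--\"<>&%",
    "Ünïcödé-パスワード-🔑",
    "correct horse battery staple " * 8,
]

if __name__ == "__main__":
    for pw in SAMPLES:
        rec = enroll(pw)
        # Stored digest is always 32 bytes, whatever went in.
        print(len(pw), len(rec["hash"]) // 2, verify(rec, pw), verify(rec, pw + "x"))
```

Every sample yields a fixed-size record containing no trace of the input, so the stored form imposes no constraint on character set or length.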