EFF filed an amicus brief in Davis, and we were gratified that the court’s opinion closely parallels our arguments. The Fifth Amendment privilege prohibits the government from coercing a confession or forcing a suspect to lead police to incriminating evidence. We argue that unlocking and decrypting a smartphone or computer is the modern equivalent of these forms of self-incrimination.
(25.2.2019) Google and the Fast Identity Online Alliance said Monday that Android is now FIDO2-certified, meaning its devices can use fingerprints and security keys for logging in to accounts instead of passwords. The certification was unveiled at Mobile World Congress in Barcelona, Spain.
FIDO supports a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE), smart cards, and near field communication (NFC). The USB security token device may be used to authenticate using a simple password (e.g. four-digit PIN) or by pressing a button.
(21.11.2018) Microsoft’s corporate veep of all things identity, Alex Simons, trumpeted that the 800 million people who use a Microsoft account will now be able to sign in without username or password.
(28.2.2019) The FIDO2 standard comprises the World Wide Web Consortium’s (W3C) Web Authentication specification and the corresponding Client to Authenticator Protocol (CTAP) from FIDO Alliance. Together these initiatives create an ecosystem of compliant devices that can easily authenticate themselves to online services.
Under the Customs and Excise Act 2018 which comes into force this week visitors who come under suspicion by officers must hand over their New Zealand so that mobile phones and other electronic devices can be searched.
But due to an error with the system, apparently passwords were being saved in plain text to an internal log, instead of masking them with the hashing process. Twitter claims to have found the bug on its own and removed the passwords.