Poll: Would you like a "Panic button" service to lock down your online accounts?
A few years ago I was one of the founders of Clickpass which offered a consumer single-sign-on service. There were lots of challenges with it. One of the overarching problems though was monetisation. It's very hard to make revenue from such a service and therefore to improve it.
Long after the company had been acquired I kept thinking about security and it occurred to me that one of the fears after an attack is worrying "what else is vulnerable". Your GMail account is compromised, what does someone get into next?
It occurred to me that it might be useful to have a "Panic button" or "Deadbolt" service which you could quickly access (after suitable authentication) and which would immediately lock down all your accounts, change their passwords and prevent any cascading attacks. You could pre-register all your accounts, even the esoteric ones you might normally forget and lock them all in via a single SMS (or similar).
I'm interested in what the sentiment of the developer community is. Is this something you would want?
26 comments
[ 282 ms ] story [ 1749 ms ] threadThe other option would be to make it a client side app, where they store the passwords locally and are responsible for their own security.
I don't know what your market looks like in terms of pay or free, I know I would not pay for it, but I am not many peoples target market. I usually an outlier when it comes to user demographics.
The thought of another service keeping my password in a reversible fashion, and transmitting that, scares me a lot.
I think ideally it needs to solve more than one problem, e.g. Make it easier for websites to handle user accounts or avoid having to handle them while not being Facebook or twitter.
So back to your service. I think there's real value here. I'm security concious. I use a password manager (1Password) and make full use of its features. I use a strong master password, but I still fear the day my laptop or iPhone are stolen. I worry that they'll find an exploit or some means to get to my password data, at which point I'm screwed. I would like to have the ability to lock down my most sensitive accounts in the event of a security breech.
The primary friction revolves around trust. In order to reset my passwords, you'd need my account info. That means my data would be in yet another centralized location. This is bad practice. My password manager is a necessary evil. Your service would be another necessary evil. I'm not sure how you'll get past that.
The service you describe is exactly what I've been looking for ever since, but the big problem is establishing trust. Being a for-money service would increase that trust for me.
Your target customer is more the savvy "consumer" computer user, the same sort of person who might subscribe to a service like LifeLock. A person who is aware of the need but not familiar enough with how security works to be confident in doing it themselves.
I would be interested in a service allowing me to change all my passwords at once. That's valuable. But not if it just makes my security worse. Trust in the company would be a major major factor. Ideally the company would be run by some known cypherpunk or other person who is morally opposed to making that deal with the government, and physically located in Switzerland or some other country where instant compliance with the United States government is less likely.
Your company and employees should also be bonded for some ludicrous amount of money, for damages resulting from any breach of your security, including intentional ones...
If your hypothetical company was incorporated in Delaware, headquartered in California, and run by some random guys who hope to win the startup lottery and sell out to McAfee or Symantec or whoever, then I can't imagine ever using your service at any price - I would perceive it as adding negative value (adding insecurity without adding security), so it would be something you'd have to pay me to use.
The US is simply not trusted to maintain privacy, regardless of where you're from. It's an incredible thought to reflect on.
I'm actually working on a privacy-centric solution in a similar vein (though I didn't quite have this feature in mind) and have a few ideas on how something like this might be monetized. I intend to pursue these ideas myself, but happy to discuss some of them with you over email, if you're interested.
If you are, <my initials> (at) nobulb.com should do the trick. :)
Very much required in times like these.
How do you activate the deadbolt without giving the ability to someone with my phone to do so?
How do you store all of my most important passwords? I don't care if someone compromises my facebook account nearly as much as bank account. Is it a bigger risk giving this single point access to all of my most important accounts?
But what about a slightly different model: Panic Button service makes deals with Facebook, Google, & other big players[1] which create channels for Panic Button to be able contact them and change passwords or lock accounts on behalf of a user, but Panic Button doesn't actually store passwords for these services?
When a user wants a lockout, they contact the Panic Button service, via at least 2-factor authentication, possibly more.
[1] No doubt rather difficult.
There are a few interesting points that have come out of this:
1. I anticipated this service appealing to someone who's afraid of computers, I did not expect such a bullish response from people who are very much in control of their machines
2. There is very good (real world) precedent for this in Lifelock who sell a somewhat shady service which packages up some free services the US government offers and then resells them as a package to consumers. The company is KP backed and has made a fortune from this.
3. People have mentioned this being a potential one-key-to-rule-them-all security vulnerability. While storing your passwords anywhere is a vulnerability, this particular one already exists in the form of "forgotten password". Most (but not all) accounts have a "forgotten password" facility which sends a login to your email. Access your email and you've accessed everything with a "forgotten password" facility
4. I believe that as @tylermenezes pointed out, one could avoid storing unencrypted passwords by using your deadbolt password as a two-way encryption key.
It would be interesting to hear the thoughts of security experts on such a solution.
I would consider using something like this if it were entirely self-hosted, and open-source. I already avoid single-sign-on; I would also avoid single-sign-off.