The Cipherpod takes an RFID token and a PIN and uses them to create a password. It is not multifactor authentication and cannot store any data.
But passwords suck! Why would we need something else to create more passwords when we’re trying to get away from passwords?
Passwords are 1 of 5 factors of authentication (what you know, what you have, who you are, when you are, where you are). The truth is we will never be free of passwords in our lifetimes, so this product makes passwords easier for people and harder for attackers.
Does this replace multifactor authentication?
No – multifactor remains a critical element of security. After entering your password, you should be prompted on your phone or other device for confirmation (see above, what you have is part of multifactor authentication, which we still need).
So you’re saying I need to carry a device to create a password and then another device for multifactor which I already have, so this is just another device to carry around?
The short answer is yes, but you either carry an enormous password in your brain (and fat-finger it sometimes) or you carry a device to type it in for you. This device is a little bigger than a pad of Post-It Notes and is arguably more capable – it makes dealing with passwords easier while making your password much, much stronger.
What about my password manager? It generates passwords too.
You need a password to get into your password manager. 😉
Besides, you have to be logged in to use it – password managers require an operating system. Full-drive encryption is pre-boot, and logging in to your computer post-boot requires that you look up your password and then type it in, which for complex passwords can be really frustrating. Password managers are good for websites, not for accessing your master password list. And if your master password is your dog’s name + anniversary date, or the password manager product is compromised (which happens all the time), you’re in trouble.
So what’s with the multifactor to generate a password?
This device uses something easy to remember (a PIN) and something you have (an RFID tag). Typing in a 4-6 digit number and swiping an RFID tag is way easier than remembering a 12-14 character complex password, especially if you have to change it regularly, and it’s infinitely easier than typing a 43 character complex password for drive encryption.
This seems like overkill, my password is “MyPass123!” and it works just fine.
It works just fine now, but people only have to have their bank records or identity stolen once to never make that mistake again, so you’re essentially gambling. People need strong passwords, and once they have a strong password they still need to be able to change it easily. Something that creates and types out strong passwords for you, yet is easy for people to deal with – that’s what this product does.
Speaking of overkill, who needs a 23 or even 43 character password??
Who needs security? Why use encryption at all? The answer is everyone, and if you use online banking you use encryption.
Banks, for example, have powerful credentials, which is why individual accounts get compromised far more often than the banks themselves do. This device puts individual passwords on the same tier as what banks use internally, yet it is easier for everyone to use.
Google, Facebook, Microsoft and others offer Single Sign On, why does anybody need an overpowered password generator?
When corporations offer Single Sign On for something like Facebook or Gmail, they are in control of your credentials, and when Google, for example, gets its SSO infrastructure compromised (which has happened), all users lose control of their data. SSO for big business is not the same as the SSO you use for Facebook at home. Still, you have to enter a password for their solution anyway! It may as well be easy to change, trivial to remember and tough as nails.
This small device can’t possibly have a true random number generator on board; it’s not really secure.
The password it generates is based on a 512-bit hash of the PIN and RFID token you provide and an onboard HMAC key – it doesn’t generate its own entropy.
Combined with your Cipherpod RFID fob, this device is undeniably the most powerful password generator tool available.
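To make the answer above concrete, here is an added illustration of that style of keyed, deterministic derivation: an HMAC-SHA512 over the PIN and token ID under a device-held key, stretched to 23 or 43 printable characters. This is example code written for this page, not Cipherpod’s actual algorithm (which the page does not specify); the device key, token UID and character set are constructed placeholders.

```python
import hashlib
import hmac
import string

# Constructed placeholder key; a real device would hold its own secret HMAC key.
DEVICE_HMAC_KEY = hashlib.sha512(b"example-device-key-not-real").digest()

LOWER, UPPER, DIGITS, SYMBOLS = (string.ascii_lowercase, string.ascii_uppercase,
                                 string.digits, "!@#$%^&*()-_=+[]{}")
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS        # 80 characters
ACCEPT_LIMIT = 256 - (256 % len(ALPHABET))        # 240: rejection-sampling bound


def has_all_classes(pw: str) -> bool:
    """True when the password contains a lowercase, uppercase, digit and symbol."""
    return all(any(c in cls for c in pw) for cls in (LOWER, UPPER, DIGITS, SYMBOLS))


def _keystream(key: bytes, msg: bytes):
    """Yield bytes of HMAC-SHA512(key, msg || counter), one 64-byte block at a time."""
    counter = 0
    while True:
        yield from hmac.new(key, msg + counter.to_bytes(4, "big"), hashlib.sha512).digest()
        counter += 1


def derive_password(pin: str, token_id: bytes, length: int = 23,
                    key: bytes = DEVICE_HMAC_KEY) -> str:
    """Deterministically derive a complex password from a PIN and an RFID token ID."""
    if not (pin.isdigit() and 4 <= len(pin) <= 6):
        raise ValueError("PIN must be 4-6 digits")
    if not token_id or len(token_id) > 255:
        raise ValueError("token ID must be 1-255 bytes")
    # Length-prefix both factors so different (PIN, token) splits cannot collide.
    factors = bytes([len(pin)]) + pin.encode() + bytes([len(token_id)]) + token_id
    for attempt in range(256):
        stream = _keystream(key, factors + bytes([attempt]))
        pw = ""
        while len(pw) < length:
            b = next(stream)
            if b < ACCEPT_LIMIT:          # skip bytes that would bias the mapping
                pw += ALPHABET[b % len(ALPHABET)]
        if has_all_classes(pw):           # re-derive until every class is present
            return pw
    raise RuntimeError("could not derive a password meeting the complexity rule")


if __name__ == "__main__":
    fob = bytes.fromhex("04a1b2c3d4e5f6")          # constructed 7-byte UID, not a real token
    print(derive_password("1234", fob))             # 23-character login password
    print(derive_password("1234", fob, length=43))  # 43-character pre-boot password
```

Because nothing is random, the same PIN and fob always reproduce the same password, and changing either factor changes it entirely; the security rests on the secrecy of the device key and the unguessability of the fob ID.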
There’s a problem with devices that send passwords, such as Yubikey and others – they’re too fast. When using RDP or services over a VPN, you get characters dropped. Is this device too fast?
Fast, but not too fast: it’s tested and guaranteed to work over VPN, Remote Desktop / RDP and other remote applications where latency is present.
Is the Cipherpod compatible with my Yubikey?
Yes, but not in the way it’s traditionally used. Every Yubikey has its own RFID serial number and this is what the Cipherpod keys on. You can use your Yubikey for every advertised purpose and with Cipherpod out of the box.
Because it keys on the serial number, a random hotel room key is weaker than a Yubikey; the Cipherpod-provided RFID keys are stronger still (NSA-grade), because only the Yubikey serial number is used, whereas our RFID keys are encoded with an additional 256+ bits of entropy.
In the end however, the resulting password is absolutely, incredibly secure.
Which model do I need, Standard or Black?
Cipherpod Black is uniquely keyed, and its provisioned RFID keyfobs must authenticate to the Black units. This is required for government/federal use, but if you lose the unit or the keys, the passwords generated are gone forever.
Most people don’t need this – if you get a Cipherpod Standard and drop it in the street on the way home, just replace it with a new one and move on with your life, no harm/no foul.
Both Standard and Black units are incredibly powerful; people only need Black units when required by their business or a federal officer.