The main companies can do a simple firmware with 6 digit pin code.
I saw this earlier today. I would be game for an unlock pin like they mentioned (on timer to reset, of course).
Another factor is to make it fool proof. Pay hackers to see if a software could be developed to figure out the code and if it WAS actually possible, then brainstorm again to figure out a way that it can't be hacked. Any time hackers DID find a way, companies would release additional firmware security fixes.
This idea has problems people haven't thought out, e.g. Tesla's cars locked due to an over the air software update, or malicious owners setting a PIN, disabling it for 24 hours just before sale, then reporting the camera stolen. Even fingerprints aren't fool proof. As an extreme example, a relative lost his hand in an accident. Now you have two options - tell customers that in such case their equipment (possibly worth thousands of dollars) is bricked, or make a workaround. You can bet your *** thieves will learn about the workaround real quick.
It's so simple. But as Tony said, maybe companies depend on gear getting stolen so you have to buy a new one...
I once worked with network cameras where the password was stored in such a way that it couldn't be erased by a factory reset. So if you forgot your password you had to get a replacement mainboard or swap out the complete camera.
Making good security user friendly or practical is a hard problem
We’re talking about Tony N. here, clickbait goes without saying. [..] making up a conspiracy theory about companies making money by making their equipment easy to steal, followed by a suggestion to copy the imperfect schemes used by other companies, a.k.a clickbait.
Which usually ends with owners writing down passwords someplace accessible & easy to guess.
Same with credit card PINs since it became mandatory to enter it to pay. People write the PINs down in their phonebook, or change the PINs on all the credit cards to be the same memorable number, etc, making thieves' lives easier.
Definitely harder than making up a conspiracy theory about companies making money by making their equipment easy to steal, followed by a suggestion to copy the imperfect schemes used by other companies, a.k.a clickbait.
I once worked with network cameras where the password was stored in such a way that it couldn't be erased by a factory reset. So if you forgot your password you had to get a replacement mainboard or swap out the complete camera.
Making good security user friendly or practical is a hard problem, especially in a field where people get very upset on the interwebs if the EVF takes 1 millisecond to turn on.
When every single damn site you go to insists you create an "account" to do anything, it's no wonder people re-use passwords. No one can remember 100 strong passwords, especially for places they go to less than once a year.
I deal with this by going to places that let me check out as guest, using a password manager, and using pass phrases where possible. Yeah those end up being 30 characters long but at least you can effing remember them.
Then some websites are moronic and don't accept certain special characters so I had to create C-variant with more commonly accepted special characters. And what made that worse, after using C for some 10 years, some websites started to restrict 3 continuous alphabet (e.g. abc), and I didn't even notice my random set actually did have such set in between, until one website said can't use such password. So for those websites I had another C-variant with slightly different random set.
What irritates me are the ones that won't tell you what the rules are until you enter a non-compliant password, which will then tell you one rule (out of several) that you violated. If I *am* using a password manager and have it randomly generate something, I then have to do so over and over again until the dipshit who wrote the code is satisfied.
Yes, exactly. For 90% of the time when I can't remember the password, if they just told the rules at that point I would probably be able to guess what variation I used.
Or actually going the reverse of good practice and limiting the size of a password to something not particularly long. I recently came across a site that wanted my password to be 16 or less characters - of course telling me this only after trying one that was longer. I was thinking more of something that would tell you, oh, you can't use THAT character (e.g., a semicolon) or an embedded space or... but only AFTER you tried to use it. But then there's also you typing in a password then having it tell you, oh, you need at least one digit, then oh, you need at least one special character.