A newly granted patent would allow owners of Apple devices to retrieve passwords by connecting to a specific peripheral, potentially eliminating the need for traditional recovery methods.
The U.S. Patent and Trademark Office revealed on Tuesday that Apple was awarded U.S. Patent No. 8,429,760, which covers "a system and method for storing a password recovery secret." The patent, originally filed for in July of 2010, details a system that would tie part of the password recovery process to "a commonly associated peripheral device," such as a power cord.
The filing notes that in existing password recovery methods, users have number of possible options, including logging in as an administrator to reset the password or to enter a password recovery phrase. These are incomplete, the filing argues, as users can forget the particulars of any one answer. Biometrics, too, are insufficient, as the user may be absent — or even dead — when the password needs resetting.
Apple's proposed recovery process would not work with just any given power cord. Instead, specific information would be stored on the peripheral, possibly in the form of a universal unique identifier (UUID) that would allow the computer to know that the person trying to access it was in fact the rightful owner.
The filing gives a number of possible peripherals that could serve as a password protector, including printers, portable hard drives, wireless routers, flash drives, smartphones, and external monitors. Using such a device, the filing says, would protect against unwarranted access using the recovery method, since a user would be less likely to take, say, a printer or power cord out with them where a device could get stolen.
The filing has yet to materialize as a feature in any Apple products, but the groundwork for its implementation could already exist. Apple's Lightning connector standard, unveiled in September, is known to contain embedded authentication chips allowing Apple to identify manufacturers. The standard also allows for additional component embedding, as is the case with Apple's Digital AV Adapter for Lightning connectors, which features a complete ARM system on a chip with 256 megabytes of RAM.
This sort of device-specific authentication was also hinted at by Bruce Tognazzini — who created Apple's Human Interface Guidelines — when he opined earlier this year about the possibilities of an Apple iWatch. The iWatch, Tognazzini wrote, would allow for simple two-factor authentication much in the way described in the patent, which also mentions "a mobile device" among the possible peripherals that could initiate the password recovery feature.