Multi-Factor Authentication to be added to @PasswordBox within the next few weeks.

PasswordBoxPasswordBox will be stepping up their own security with multi-factor authentication in under a month.

In an interview on Category5 Technology TV held Tuesday May 13, 2014, François Proulx, Security Engineer for PasswordBox, revealed that the popular cloud-based password management system will be introducing sophisticated multi-device multi-factor authentication in June 2014.

While no specific date was given, Mr. Proulx’s statements make it clear that the important security feature will be coming soon.

“It is literally a few short weeks away from now, I would say our goal is to put it in production in our products in June [2014],” says Mr. Proulx. “We’ve pretty much completed the design aspects of it. I’ve reviewed the security. We are just right now dispatching the various tasks to each and every team. Obviously we don’t want to rush things too fast because we want to ensure the quality of our product. But it is coming very, very soon.”

“One thing we’ve announced recently is integration with the new Samsung S5, which has a fingerprint scanner. So that already exists for the Android version of our app. Also, we’ve announced integration with the NYMI bracelet which detects your heartbeat,” explains Mr. Proulx. “Biometrics as an area of research is something we’re putting a lot of focus on.”

Mr. Proulx didn’t go into a lot of details as to the available options that will be coming to PasswordBox in order to provide multi-factor authentication, but stated, “Let me just say that it will be very, very similar to what Google does. So if you look at the way Google does it, or Yahoo, it will be modeled in a very similar fashion.”

The interview, which was geared toward advanced viewers, covered a wide gamut of topics surrounding the functionality of PasswordBox and how it ensures your passwords are safe from hackers and even Government agencies such as the National Security Agency (NSA).

“What is stored in our database for each and every user’s accounts is only encrypted data,” explains Mr. Proulx. “The critical assets, such as the password assets and also all the wallet items … those are all encrypted in a blackbox manner. So what we receive on the server side is an opaque blob that we then store and then later sync across all the devices.”

He further explains in excellent detail that due to the architecture of the PasswordBox system, only a person with your master password can then decrypt this blob of information. Therefore, nobody at PasswordBox, nor the NSA or any other government agency has access to your data.

PasswordBox recommends using a very strong master password to ensure this is the case.

You can watch the full interview on YouTube:

Edit: May 22, 2014 – Added quotes about the methods of multi-factor authentication (such as the fingerprint scanner or NYMI).

Mobile Site 4.0 … Coming Soon

A new mobile site rewrite for Category5 Technology TV will soon be gracing your smartphone and tablet!

I received a note from one of our viewers who recently found us on Roku, but wanted to take Category5 on the go with him…

Well, that’s kind of annoying for BlackBerry users, isn’t it?

I had a good close look at the mobile site back-end, and man-oh-man, it’s getting old.

I think as a developer, it’s hard not to want to go back and rewrite everything you’ve created about once per year. That’s how fast the technologies change it seems, and the way I was coding a year ago is much different from the way I code now.

The current (old) mobile site uses flat-file delivery powered by a database backend. Your mobile device must preload all textual resources, and then it loads the images and videos when you navigate around. But the architecture forced me to hold back some features at the time.

The episode list on our mobile site version 3.1.

The episode list on our mobile site version 3.1 contains the most recent 53 episodes.

For example, the mobile site (versions 1-3) have always been restricted to the past year’s worth of videos. That’s all that was practical since your device would have to preload all the text for each episode.  Loading all 7 seasons was not possible because it would just take way too long to load, and it’s already much too slow for my liking.

I also had to restrict the amount of images and overall weight of the mobile site since many assets were preloaded at launch. Preloading 53 videos is horrible for performance, and this is not a well optimized way to do things.

So, all that said, Tony’s message and my review of the code drove me to want to redesign the mobile site infrastructure and front-end from the ground up.

There are a few things that come into play, but the big one is that I recently developed the entire infrastructure to bring Category5 to the Roku platform. So I am able to tap into new, optimized database functions that didn’t exist even 3 months ago. Features such as separation of episodes by season, and having access to our entire library of videos, including our “Special Features” category which was introduced specifically for Roku, but now can be migrated to other platforms such as our mobile site.

Out the gate though, a rewrite means implementing greatly improved programming techniques such as AJAX data loading on the mobile platform… so I can rewrite the code so each episode’s text only loads after you click on it. I’ll also stop all these videos from preloading. All this means is that we can offer a million videos if we want, and the site will still load just as quickly as if there were only 5 videos. The ability to load data through AJAX has existed for a long time, but my skill-set has grown with regards to its implementation, so I am now capable of much more than I was a year ago.

The greatly improved episode list on version 4β of our mobile site.

The greatly improved episode list on version 4β of our mobile site features all available episodes (345 at the time of writing).

The biggest and most exciting thing to me about this change in programming style is that I can include all episodes in the mobile site.  Not just the past year’s worth. It also opens us up to eventually including other features, such as the aforementioned “Special Features”.

Do more with less. That’s what version 4 represents.

So keep your eyes on our mobile site. I’ll announce it when it’s launched, and hopefully it’ll even work on BlackBerry.  🙂

-Robbie