Full Disclosure mailing list archives
Re: OpenID. The future of authentication on the web?
From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Sun, 23 Mar 2008 20:56:54 -0400
The correct solution, IMO, would be an encrypted password vault,
stored on a USB drive and only available through the use of a password and some other form of identification (biometric, etc.) What about kiosks and other situations where it wouldn't be secure to allow arbitrary people to insert USB keys? This vault requires a support system of some kind; does there need to be software on the system to read it? Do you trust that software? This also presents the problem of when the user loses the key or if it fails. They had better have a backup of it. A service doesn't have any of these problems. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: OpenID. The future of authentication on the web?, (continued)
- Re: OpenID. The future of authentication on the web? fabio (Mar 23)
- Message not available
- Re: OpenID. The future of authentication on the web? Kern (Mar 23)
- Re: OpenID. The future of authentication on the web? Petko D. Petkov (Mar 23)
- Re: OpenID. The future of authentication on the web? reepex (Mar 23)
- Re: OpenID. The future of authentication on the web? Petko D. Petkov (Mar 24)
- Re: OpenID. The future of authentication on the web? Paul Schmehl (Mar 23)
- Re: OpenID. The future of authentication on the web? Larry Seltzer (Mar 23)
- Re: OpenID. The future of authentication on the web? Paul Schmehl (Mar 23)
- Re: OpenID. The future of authentication on the web? Larry Seltzer (Mar 23)
- Re: OpenID. The future of authentication on the web? Paul Schmehl (Mar 23)
- Re: OpenID. The future of authentication on the web? Larry Seltzer (Mar 23)
- Re: OpenID. The future of authentication on the web? Pedro Hugo (Mar 24)
- Re: OpenID. The future of authentication on the web? Paul Schmehl (Mar 24)
- Re: OpenID. The future of authentication on the web? reepex (Mar 23)
- Re: OpenID. The future of authentication on the web? Kurt Buff (Mar 23)
- Re: OpenID. The future of authentication on the web? John C. A. Bambenek, GCIH, CISSP (Mar 24)
- Re: OpenID. The future of authentication on the web? Larry Seltzer (Mar 24)
- Re: OpenID. The future of authentication on the web? John C. A. Bambenek, GCIH, CISSP (Mar 24)
- Re: OpenID. The future of authentication on the web? Petko D. Petkov (Mar 24)
- Re: OpenID. The future of authentication on the web? John C. A. Bambenek, GCIH, CISSP (Mar 24)
- Re: OpenID. The future of authentication on the web? Petko D. Petkov (Mar 24)
- Re: OpenID. The future of authentication on the web? John C. A. Bambenek, GCIH, CISSP (Mar 24)