nanog mailing list archives
Re: How to fix authentication (was LinkedIn)
From: Alexander Harrowell <a.harrowell () gmail com>
Date: Thu, 21 Jun 2012 13:23:50 +0100
On Thursday 21 Jun 2012 04:16:22 Aaron C. de Bruyn wrote:
On Wed, Jun 20, 2012 at 4:26 PM, Jay Ashworth <jra () baylink com> wrote:----- Original Message -----From: "Leo Bicknell" <bicknell () ufp org>Yes, but you're securing the account to the *client PC* there, not
to
the human being; making that Portable Enough for people who use and borrow multiple machines is nontrivial.Or a wizard in your browser/OS/whatever could prompt you to put in a 'special' USB key and write the identity data there, making it portable. Or like my ssh keys, I have one on my home computer, one on my work computer, one on my USB drive, etc... If I lose my USB key, I can revoke the SSH key and still have access from my home computer. And I'm sure someone would come up with the 'solution' where they store the keys for you, but only you have the passphrase...ala lastpass. -A
As far as apps go, loads of them use OAuth and have a browser step in their setup. So this adds precisely one step to the smartphone sync/activation process - downloading the key pair from your PC (or if you don't have a PC, generating one). that covers vendor A and most vendor G devices. "what about the feature phones?" - not an issue, no apps to speak of, noOp(). "what about [person we want to be superior to who is always female for some reason]?" - well, they all seem to have iPhones now, so *somebody's* obviously handholding them through the activation procedure. obviously vendor A would be tempted to "sync this to iCloud"...but anyway, I repeat the call for a W3C password manager API. SSH would be better, but a lot of the intents, actions etc are the same.
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Re: LinkedIn password database compromised, (continued)
- Re: LinkedIn password database compromised Rich Kulawiec (Jun 21)
- RE: LinkedIn password database compromised Keith Medcalf (Jun 23)
- Re: LinkedIn password database compromised Michael Thomas (Jun 23)
- Re: LinkedIn password database compromised AP NANOG (Jun 20)
- How to fix authentication (was LinkedIn) Jay Ashworth (Jun 20)
- Re: How to fix authentication (was LinkedIn) Kyle Creyts (Jun 20)
- Re: How to fix authentication (was LinkedIn) valdis . kletnieks (Jun 20)
- Re: How to fix authentication (was LinkedIn) Kyle Creyts (Jun 20)
- RE: How to fix authentication (was LinkedIn) Drew Weaver (Jun 20)
- Re: How to fix authentication (was LinkedIn) Aaron C. de Bruyn (Jun 20)
- Re: How to fix authentication (was LinkedIn) Alexander Harrowell (Jun 21)
- Re: How to fix authentication (was LinkedIn) AP NANOG (Jun 21)
- Re: How to fix authentication (was LinkedIn) Ben Jencks (Jun 21)
- Re: How to fix authentication (was LinkedIn) Randy Bush (Jun 21)
- Re: How to fix authentication (was LinkedIn) Christopher Morrow (Jun 21)
- Re: How to fix authentication (was LinkedIn) AP NANOG (Jun 22)
- Re: How to fix authentication (was LinkedIn) Leo Bicknell (Jun 22)
- Re: How to fix authentication (was LinkedIn) Kyle Creyts (Jun 23)
- Re: How to fix authentication (was LinkedIn) AP NANOG (Jun 25)
- Re: LinkedIn password database compromised Rich Kulawiec (Jun 21)
- Re: LinkedIn password database compromised Dave Hart (Jun 21)