[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] OpenID. The future of authentication on the web?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] OpenID. The future of authentication on the web?
From: Steven Rakick <stevenrakick@xxxxxxxxx>
Date: Sun, 23 Mar 2008 18:17:18 -0700 (PDT)

I'm not sure why it isn't on their home page any more.
It used to be. Their FAQ is at: 

http://www.beemba.com/faq.aspx.


On Sun, Mar 23, 2008 at 8:46 PM, Paul Schmehl
<pauls@xxxxxxxxxxxx> wrote:
> --On March 23, 2008 8:04:41 PM -0400 Larry Seltzer
> <Larry@xxxxxxxxxxxxxxxx> wrote:
> 
> >>> I understand the attractiveness of not having to
remember lots of IDs
> > and passwords, but when you give up control of
your data, you give up
> > control of your future.
> >
> > Normal people aren't going to remember enough
passwords, let alone
> > strong passwords, to make that control meaningful.
I do get your point,
> > but I bet that the best alternative is to give
them one set of
> > credentials and make it as strong as possible.
> >
> 
> I agree with your premise, Larry.  It's the solution
I object to.  The
> correct solution, imo, is one that allows the user
to retain control of
> their data.  The password managers in browsers are
an early attempt at
> this.  Mac's File Vault is another.  The correct
solution, IMO, would be
> an encrypted password vault, stored on a USB drive
and only available
> through the use of a password and some other form of
identification
> (biometric, etc.)
> 
> In other words, a combination of something you have
and something you
> know, not something someone else has and something
you know.  If I'm
> carrying my passwords in encrypted form in a device
I possess, I have
> complete control of who gets granted access to my
data, and the compromise
> of any one vendor site that I visit will, at the
worst, compromise the
> data I granted them access to.
> 
> Paul Schmehl (pauls@xxxxxxxxxxxx)
> Senior Information Security Analyst
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/
> 
> _______________________________________________
> 
> Full-Disclosure - We believe in it.
> Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia -
http://secunia.com/
> 


      
____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  
http://tools.search.yahoo.com/newsearch/category.php?category=shopping

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] OpenID. The future of authentication on the web?
Next by Date: [Full-disclosure] ircu/snircd remote crash vulnerability
Previous by thread: Re: [Full-disclosure] OpenID. The future of authentication on the web?
Next by thread: Re: [Full-disclosure] OpenID. The future of authentication on the web?
Index(es):
- Date
- Thread