[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] OpenID. The future of authentication on the web?
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] OpenID. The future of authentication on the web?
- From: Paul Schmehl <pauls@xxxxxxxxxxxx>
- Date: Mon, 24 Mar 2008 10:14:05 -0500
--On Sunday, March 23, 2008 20:56:54 -0400 Larry Seltzer
<Larry@xxxxxxxxxxxxxxxx> wrote:
>>> The correct solution, IMO, would be an encrypted password vault,
> stored on a USB drive and only available through the use of a password
> and some other form of identification (biometric, etc.)
>
> What about kiosks and other situations where it wouldn't be secure to
> allow arbitrary people to insert USB keys?
You allow read-only access to USB keys.
> This vault requires a support
> system of some kind; does there need to be software on the system to
> read it?
Easily done on thumb drives that now contain gigs of memory.
> Do you trust that software?
>
No, but then I don't trust any software.
> This also presents the problem of when the user loses the key or if it
> fails. They had better have a backup of it. A service doesn't have any
> of these problems.
>
That's a weak excuse for avoiding responsibility. Technology cannot solve
every problem. Nor should it. At some point *people* have to learn how to
properly use computers and the internet, just as they had to learn how to
properly operate and maintain vehicles.
--
Paul Schmehl (pauls@xxxxxxxxxxxx)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/