[Discuss] eliminating passwords
Kent Borg
kentborg at borg.org
Mon Jul 29 09:06:49 EDT 2013
On 07/28/2013 11:49 PM, Tom Metro wrote:
> Elsewhere today there was a thread mentioning StarSSL. They take an
> interesting approach to site security. They don't use passwords. As part
> of the process of getting your SSL certificate, they generate a
> client-side SSL certificate that you install in your browser.
Now I have to trust that my browser will keep that file securely. Steal
that file and you are in. It doesn't solve the problem, but shifts it
to a little used feature browser that is likely little audited for
security and might be full of holes.
-kb
More information about the Discuss
mailing list