Elsewhere today there was a thread mentioning StarSSL. They take an interesting approach to site security. They don't use passwords. As part of the process of getting your SSL certificate, they generate a client-side SSL certificate that you install in your browser. Thereafter, when you visit the StarSSL site over an SSL connection, it knows exactly who you are via PKI key exchange, and has no need for passwords.

This tech has been built into browsers for decades, and is something banking and other high-risk sites could have adopted to significantly improve their security. (You can't phish a user's password if they never enter it.)

It does require a little bit of setup, but the process could easily be made smoother, and pales in comparison to the cat-herding task of making average consumers use password managers and generate strong random passwords.

The big downside to the tech is that it isn't machine portable. At least not easily. If you are inclined to log in to your bank from your tablet, in addition to your desktop, you'd have to repeat some sort of an authentication process, or otherwise figure out how to get your client key moved over there.

Far from a perfect solution, but it's cheaper and a better user experience than two-factor.

-Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
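The server side of the scheme described in the message above, as an added example that is not part of the original post and not any real site's code: a TLS context that refuses clients without a certificate, plus a per-device enrollment table so a second machine gets its own certificate instead of a copied key. The names `make_server_context` and `Enrollment`, the in-memory table and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import ssl


def make_server_context(cert_file=None, key_file=None, client_ca_file=None):
    """Server-side TLS context that demands a client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Without a certificate that chains to a trusted CA the handshake fails,
    # so no password form is ever reached.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)          # the site's own cert
    if client_ca_file:
        ctx.load_verify_locations(cafile=client_ca_file)  # CA that issued client certs
    return ctx


def fingerprint(der_cert):
    """SHA-256 over the DER encoding, used as the lookup key."""
    return hashlib.sha256(der_cert).hexdigest()


class Enrollment:
    """Hypothetical in-memory map: certificate fingerprint -> account."""

    def __init__(self):
        self._by_fp = {}

    def enroll(self, account, der_cert):
        # One entry per device: each machine enrolls its own certificate,
        # so the private key never has to be moved between machines.
        self._by_fp[fingerprint(der_cert)] = account

    def revoke(self, der_cert):
        # Dropping one device leaves the account's other devices working.
        self._by_fp.pop(fingerprint(der_cert), None)

    def identify_der(self, der_cert):
        if not der_cert:
            return None
        return self._by_fp.get(fingerprint(der_cert))

    def identify(self, tls_socket):
        # tls_socket is an ssl.SSLSocket after a completed handshake.
        return self.identify_der(tls_socket.getpeercert(binary_form=True))
```

With this layout a lost tablet is handled by revoking that one fingerprint, and the desktop's certificate keeps working.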