BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] eliminating passwords

Subject: [Discuss] eliminating passwords
From: kentborg at borg.org (Kent Borg)
Date: Mon, 29 Jul 2013 09:06:49 -0400
In-reply-to: <51F5E656.8080209@gmail.com>
References: <51F5E656.8080209@gmail.com>

On 07/28/2013 11:49 PM, Tom Metro wrote:
> Elsewhere today there was a thread mentioning StarSSL. They take an
> interesting approach to site security. They don't use passwords. As part
> of the process of getting your SSL certificate, they generate a
> client-side SSL certificate that you install in your browser.

Now I have to trust that my browser will keep that file securely. Steal 
that file and you are in.  It doesn't solve the problem, but shifts it 
to a little used feature browser that is likely little audited for 
security and might be full of holes.

-kb

Follow-Ups:
- [Discuss] eliminating passwords
  - From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] eliminating passwords
  - From: blu at nedharvey.com (Edward Ned Harvey (blu))

References:
- [Discuss] eliminating passwords
  - From: tmetro+blu at gmail.com (Tom Metro)

Prev by Date: [Discuss] password strength
Next by Date: [Discuss] password strength
Previous by thread: [Discuss] eliminating passwords
Next by thread: [Discuss] eliminating passwords
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org