LinkedIn password database compromised
James Snow
snow at teardrop.org
Thu Jun 7 13:22:40 UTC 2012
On Wed, Jun 06, 2012 at 11:14:58PM -0700, Aaron C. de Bruyn wrote:
>
> Imaging signing up for a site by putting in your email and pasting
> your public key.
Yes! Yes! Yes!
I've been making this exact argument for about a year. It even retains
the same "email a link" reset mechanism when someone needs to reset
their key.
A common counter-argument is, "But ordinary Internet users won't
understand SSH keys." They don't need to! The idea is easily explained
via a lock-and-key metaphor that people already understand. The UI for
walking users through key creation is easily imagined.
-Snow
More information about the NANOG
mailing list