How to fix authentication (was LinkedIn)

Drew Weaver drew.weaver at thenap.com
Wed Jun 20 23:36:00 UTC 2012


There should be a way to authenticate the same user differently depending on what device they're using and tie it all together in a central place; of course if that central place gets compromised it would be horrible..

Still, I think it would help if you use the same password on every site if your browser could encrypt or hash the password before it sends it to the website.

That way at least if the website doesn't properly store the passwords they'll be encrypted anyway =)

-Drew


-----Original Message-----
From: Jay Ashworth [mailto:jra at baylink.com] 
Sent: Wednesday, June 20, 2012 7:27 PM
To: NANOG
Subject: How to fix authentication (was LinkedIn)

----- Original Message -----
> From: "Leo Bicknell" <bicknell at ufp.org>

> SSL certificates could be used this way today.
> 
> SSH keys could be used this way today.
> 
> PGP keys could be used this way today.
> 
> What's missing? A pretty UI for the users. Apple, Mozilla, W3C, 
> Microsoft IE developers and so on need to get their butts in gear and 
> make a pretty UI to create personal key material, send the public key 
> as part of a sign up form, import a key, and so on.

Yes, but you're securing the account to the *client PC* there, not to the human being; making that Portable Enough for people who use and borrow multiple machines is nontrivial.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274
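
Added example, not part of the original thread: a Python sketch of the idea in Drew's message, with the browser deriving a per-site value from the password before sending it. The site names, username, sample password, salt layout and iteration count are assumptions made for illustration. It models both sides, because the derived value becomes the effective password for that site and the server still has to store it salted and hashed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def client_derive(password: str, site: str, username: str) -> bytes:
    """Browser side: derive the value that is sent instead of the raw password."""
    # Salting with site + username makes the value differ per site even when
    # the user reuses one password everywhere.
    salt = f"{site.lower()}|{username.lower()}".encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def server_enroll(submitted: bytes) -> tuple[bytes, bytes]:
    """Server side: the submitted value is the effective password for this
    site, so it is still stored salted and hashed."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", submitted, salt, ITERATIONS)

def server_verify(submitted: bytes, record: tuple[bytes, bytes]) -> bool:
    """Recompute the server-side hash and compare in constant time."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", submitted, salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)

def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample, reused on both sites
    sent_a = client_derive(password, "site-a.example", "drew")
    sent_b = client_derive(password, "site-b.example", "drew")
    record_a = server_enroll(sent_a)
    record_b = server_enroll(sent_b)
    return {
        "values_differ_per_site": sent_a != sent_b,
        "login_a_ok": server_verify(sent_a, record_a),
        # A value taken from site A does not verify at site B ...
        "leak_from_a_works_at_b": server_verify(sent_a, record_b),
        # ... but had site A stored it unhashed, it would still verify at site A.
        "leak_from_a_works_at_a": server_verify(sent_a, record_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Client-side derivation limits the damage of password reuse across sites; it does not replace server-side hashing, since whatever the browser sends is what the site must protect.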


