[Tfug] Authentication procedures
James Hood
ebenblues at gmail.com
Fri Mar 20 00:01:52 MST 2009

I have a different perspective on this. I say, get rid of passwords
entirely. There is a wealth of research that shows people suck at
guarding/maintaining passwords. I remember a study showing 20% of
people would give out their password for a candy bar.

We should put authentication (and the need to guard it) in terms that
your average user can understand. I have a USB flash drive on my
physical key chain that has my private key on it. I also have a hacked
version of PuTTY that can look on my flash drive for private keys when
doing ssh key auth. It's really convenient, because I can go to any
Windows PC and ssh to my servers w/o typing in a password.

Wouldn't it be great if there was a standardized way for any app to do
key-based authentication, reading your private key off of your flash
drive?

That way people don't have to remember passwords and they'll guard
their software key with their physical keys. I bet less than 20% of
people would give someone their house key for a candy bar...

James
--
"The humble learn the fastest because they don't waste time on
defending a false image."