On 07/29/2013 05:08 PM, Tom Metro wrote:
I'm guessing the feature is underutilized not because it is viewed as insecure, but because 1. developers just aren't aware of it,
I was once working on a project for an embedded device and part of the layers of security was a client certificate that needed to be installed. It was only one part.
Sure, but which is an easier task: teaching grandma how to use KeePass to shuttle credentials between two applications, or fixing flaws in Firefox's security architecture (if any[1]) such that private keys are held securely?
Far easier and more secure to tell grandma to keep her passwords on paper. Nothing to teach beyond to note each site, and the username and password. Oh, and something about each password containing some parts that are truly random. Give grandma an attractive little notebook and a pair of dice. If the two of you want to get really fancy, have her work out a simple obfuscation that is applied to each written password.
No need to swoop in in ten years when the security landscape changes and today's technical solution is no longer a good solution.
Sometimes really good computer security components are really, really old technology.
-kb
