>>The correct solution, IMO, would be an encrypted password vault, stored on a USB drive and only available through the use of a password and some other form of identification (biometric, etc.)
What about kiosks and other situations where it wouldn't be secure to allow arbitrary people to insert USB keys? This vault requires a support system of some kind; does there need to be software on the system to read it? Do you trust that software? This also presents the problem of when the user loses the key or if it fails. They had better have a backup of it. A service doesn't have any of these problems. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
