On 26.01.2020 at 23:03:35, Brandon Long via mailop wrote:
>
> Passwords are terrible and completely broken. They are generally poorly chosen,
> weak, and re-used. The result is extreme levels of hijacking. On top of that, people
> forget their passwords and this isn't something like your home electricity bill or even
> your bank... how does Google know it's you?

Since we are on this topic, I have long wondered why no, literally no, publicly available Internet service where users' private data is stored and needs to be protected has implemented certificate-based login. This is a solution that has already existed for a long time, is widely supported in browsers, is secure - a perfect candidate for a second authentication factor.

Password (in service) + passphrase protecting the certificate + certificate itself = isn't that secure enough? In my opinion it is. Yet nobody is using this simple solution; instead we rely on some strange digit codes sent via various side channels.

Brandon, can you perhaps explain how it looks from Google's point of view? Have you ever considered using certificates as a second authentication factor, and if yes, why did you decide not to use them?

--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."