On Thursday 21 Jun 2012 04:16:22 Aaron C. de Bruyn wrote: > On Wed, Jun 20, 2012 at 4:26 PM, Jay Ashworth <[email protected]> wrote: > > ----- Original Message ----- > >> From: "Leo Bicknell" <[email protected]> > > Yes, but you're securing the account to the *client PC* there, not to > > the human being; making that Portable Enough for people who use and > > borrow multiple machines is nontrivial. > > Or a wizard in your browser/OS/whatever could prompt you to put in a > 'special' USB key and write the identity data there, making it > portable. Or like my ssh keys, I have one on my home computer, one on > my work computer, one on my USB drive, etc... If I lose my USB key, I > can revoke the SSH key and still have access from my home computer. > > And I'm sure someone would come up with the 'solution' where they > store the keys for you, but only you have the passphrase...ala > lastpass. > > -A
As far as apps go, loads of them use OAuth and have a browser step in their setup. So this adds precisely one step to the smartphone sync/activation process - downloading the key pair from your PC (or if you don't have a PC, generating one). that covers vendor A and most vendor G devices. "what about the feature phones?" - not an issue, no apps to speak of, noOp(). "what about [person we want to be superior to who is always female for some reason]?" - well, they all seem to have iPhones now, so *somebody's* obviously handholding them through the activation procedure. obviously vendor A would be tempted to "sync this to iCloud"...but anyway, I repeat the call for a W3C password manager API. SSH would be better, but a lot of the intents, actions etc are the same.
signature.asc
Description: This is a digitally signed message part.
