On Fri, Nov 15, 2013 at 9:55 AM, Stephane Bortzmeyer <[email protected]>wrote:
> On Tue, Nov 12, 2013 at 09:32:34AM -0800, > Joe St Sauver <[email protected]> wrote > a message of 68 lines which said: > > > -- unless we get broad adoption of federated authentication, we'll > > always have *too many* usernames and passwords > > This problem has been solved a long time ago, by password > managers. Every Web browser have a pretty good one these days and, if > you don't like them (or for other uses than the Web), there are many > good password managers, under many licences, for many platforms. > You are confusing an optional proprietary extension that is supported on some systems for a solution. Most of us are forced to use more than one browser and those of us who like one particular browser do not want to be locked into one password manager. And none of the password managers out there is particularly good because there are many sites that actively try to prevent password storage, especially those that really aren't a security issue for users. None of them work well enough to let the service choose a strong password for me (i.e. 128 bit). What we need here is a standardized mechanism for storing passwords to meet the needs of users that also provides a strong authentication mechanism that meets the needs of the sites. Unfortunately we are back in the competitive stage of the browser war where all the players are trying to protect their position by raising the switching costs on their platform. -- Website: http://hallambaker.com/
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
