"usable security" at www.usable.com
Ali, Saqib
docbook.xml at gmail.com
Thu Sep 11 03:01:36 EDT 2008
> to make it easy to login to participating web sites. However, I don't
> see any details of the protocols or algorithms.

The service looks very user friendly and secure (i.e. if implemented properly).
It is unfortunate that, being a security-aware company, they don't
provide information about the protocols or algorithms. I haven't used
the service either. So I am as clueless as anyone else. But I won't
let that stop me from making some speculations ;-)

Note: The following are pure speculations and wild guesses:

The service seems to incorporate a technology similar to RSA's
PassMark to perform mutual authentication, i.e. authenticate the client
machine to the server to prevent phishing. In addition, it appears
they are also utilizing the host-proof hosting AJAX paradigm such that
your login information is never sent to Usable's cloud servers in
clear-text.

Both of these technologies are well-defined and, if implemented
properly, provide a reasonable amount of security.

Bank of America utilizes RSA's PassMark for logons. Passpack utilizes
the host-proof hosting AJAX paradigm.

saqib
http://doctrina.wordpress.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
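
The host-proof hosting pattern named in the message above, as an added example that is not part of the original post and is not Usable's or Passpack's code: the client encrypts credentials under a passphrase-derived key and the server only ever stores an opaque blob. The function names, the `BlobStore` stand-in server, the sample values, and the choice of PBKDF2 with AES-256-GCM are all assumptions made for illustration.

```javascript
// Added illustration of host-proof hosting (hypothetical names, constructed data).
const nodeCrypto = require('crypto');

// Client side: derive the key from the master passphrase. Neither leaves the client.
function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, 200000, 32, 'sha256');
}

// Client side: encrypt a credential record; only the returned blob is uploaded.
function sealRecord(passphrase, record) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([c.update(JSON.stringify(record), 'utf8'), c.final()]);
  return { salt: salt.toString('base64'), iv: iv.toString('base64'),
           tag: c.getAuthTag().toString('base64'), ct: ct.toString('base64') };
}

// Client side: decrypt a downloaded blob. Throws if the passphrase is wrong
// or the server (or anyone in between) modified the blob.
function openRecord(passphrase, blob) {
  const key = deriveKey(passphrase, Buffer.from(blob.salt, 'base64'));
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(blob.iv, 'base64'));
  d.setAuthTag(Buffer.from(blob.tag, 'base64'));
  const pt = Buffer.concat([d.update(Buffer.from(blob.ct, 'base64')), d.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Stand-in for the hosting service: it stores and returns blobs it cannot read.
class BlobStore {
  constructor() { this.blobs = new Map(); }
  put(user, blob) { this.blobs.set(user, JSON.stringify(blob)); }
  get(user) { return JSON.parse(this.blobs.get(user)); }
}

function demo() {
  const master = 'constructed master passphrase';
  const record = { site: 'shop.example', username: 'alice', password: 'constructed-sample-pw' };
  const server = new BlobStore();
  server.put('alice', sealRecord(master, record));
  const leaks = server.blobs.get('alice').includes(record.password);
  const restored = openRecord(master, server.get('alice'));
  const tampered = server.get('alice');
  const raw = Buffer.from(tampered.ct, 'base64');
  raw[0] ^= 1;                                   // simulate a modified blob
  tampered.ct = raw.toString('base64');
  let tamperRejected = false;
  try { openRecord(master, tampered); } catch (e) { tamperRejected = true; }
  return { leaks, restored, tamperRejected };
}
```

The security of the pattern rests on the passphrase strength and on the integrity of the script delivered to the browser, since a server that controls the JavaScript can still capture the passphrase.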