"usable security" at www.usable.com

Ali, Saqib docbook.xml at gmail.com
Thu Sep 11 03:01:36 EDT 2008


> to make it easy to login to participating web sites.  However, I don't
> see any details of the protocols or algorithms.

The service looks very user-friendly and secure (i.e. if implemented properly).

It is unfortunate that, being a security-aware company, they don't
provide information about the protocols or algorithms. I haven't used
the service either. So I am as clueless as anyone else. But I won't
let that stop me from making some speculations ;-)

Note: The following are pure speculations and wild guesses:

The service seems to incorporate a technology similar to RSA's
Passmark to perform mutual authentication, i.e. authenticate the client
machine to the server to prevent phishing. In addition, it appears
they are also utilizing the host-proof hosting AJAX paradigm such that
your login information is never sent to Usable's cloud servers in
clear-text.

Both of these technologies are well-defined and, if implemented
properly, provide a reasonable amount of security.

Bank of America utilizes RSA's Passmark for Logons. Passpack utilizes
the host-proof hosting AJAX paradigm.

saqib
http://doctrina.wordpress.com/
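
Added example, not part of the original post and not Usable's or Passpack's code: a sketch of the host-proof hosting pattern mentioned above, in which the client encrypts the login data under a key derived from a master passphrase and the server only stores the opaque result. It uses Node.js's built-in crypto module so it runs offline (a browser client would use the Web Crypto API for the same steps); `BlobStore`, `sealVault`, `openVault`, the iteration count and the sample logins are hypothetical names and constructed values.

```javascript
// Added illustration of host-proof hosting; not Usable's or Passpack's code.
const nodeCrypto = require('node:crypto');
const ITERATIONS = 210000; // assumed PBKDF2 work factor for this sketch

// Client: stretch the master passphrase into an AES-256 key (never transmitted).
function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, ITERATIONS, 32, 'sha256');
}

// Client: encrypt the login list; only this base64 blob is sent to the server.
function sealVault(passphrase, logins) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([c.update(JSON.stringify(logins), 'utf8'), c.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { salt: b64(salt), iv: b64(iv), tag: b64(c.getAuthTag()), body: b64(body) };
}

// Client: decrypt a blob; throws on a wrong passphrase or a modified blob.
function openVault(passphrase, blob) {
  const raw = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(passphrase, raw(blob.salt));
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw(blob.iv));
  d.setAuthTag(raw(blob.tag));
  const plain = Buffer.concat([d.update(raw(blob.body)), d.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Hypothetical server: stores and returns blobs it has no key to read.
class BlobStore {
  constructor() { this.blobs = new Map(); }
  put(user, blob) { this.blobs.set(user, JSON.stringify(blob)); }
  get(user) { return JSON.parse(this.blobs.get(user)); }
}

// Constructed sample data, run end to end.
function demo() {
  const server = new BlobStore();
  const pass = 'correct horse battery staple';
  const logins = [{ site: 'example.com', user: 'alice', password: 'constructed-sample-pw' }];
  server.put('alice', sealVault(pass, logins));
  const leaked = server.blobs.get('alice').includes('constructed-sample-pw');
  let wrongRejected = false;
  try { openVault('wrong passphrase', server.get('alice')); } catch (e) { wrongRejected = true; }
  return { leaked, roundTrip: openVault(pass, server.get('alice')), wrongRejected };
}
```

The pattern keeps stored data unreadable to the host, but the client still has to trust the script the host delivers, since that script handles the passphrase.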
