[Cryptography] "password manager" --> _authorization manager_

Paul Madore henrypaulmadore at gmail.com
Sun Aug 17 08:42:05 EDT 2014


On Aug 16, 2014 7:54 PM, "John Denker" <jsd at av8n.com> wrote:
>
> To those who think this cannot be done, or who think it would be
> unduly burdensome, here is a counterargument by way of analogy:
>
> I run very little risk that any online merchant will compromise my
> credit-card account, because my bank provides an app that generates
> ephemeral credit-card numbers, one per transaction.  The virtual
> card has a credit limit that suffices to cover that one transaction
> and nothing more, so the merchant cannot overcharge me.  Also, the
> virtual card is locked to a particular merchant, so even if the
> balance is not used up, stealing the card number would be of no
> use to anybody else.  I could safely publish all my past card numbers
> on my web site.
>
> There are some important ideas here, including:
>   a) ease of use, and
>   b) seamless compatibility with the huge installed base of vendors
>    who ask for a credit-card number.
>
> Part of the ease-of-use comes from the fact that the virtual card
> app uses "automatic form filling" to stuff the card number, date,
> cardholder name, etc. into the merchant's form.  This makes it
> actually /easier/ to use than a non-virtual plastic card.
>
> Furthermore it is vastly /more secure/ than a plastic card,
> because in addition to identification and authentication, it
> provides /authorization/ for a particular dollar amount.
>
> Migration away from the existing addiction to passwords will not
> be quite so smooth, but there is no doubt that it can be done.
> The "automatic form filling" features can be put to good use
> here.
>

Well, isn't what you've described actually accomplished, less fees, with
Bitcoin?

As to passwords, what about a two-step auth system which involved both a
password and possession of a data file?
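
The per-transaction authorization described in the quoted message above, as an added example that is not part of either poster's message and not any bank's actual scheme. It assumes an HMAC-signed token in place of a card number; the `Issuer` class, its method names and the sample merchant names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


class Issuer:
    """Stands in for the bank: mints and redeems one-shot authorizations."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # MAC key known only to the issuer
        self._spent = set()                  # nonces that were already redeemed

    def _mac(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def issue(self, account: str, merchant: str, limit_cents: int) -> str:
        # The token names one merchant and one spending limit, nothing more.
        claims = {"account": account, "merchant": merchant,
                  "limit_cents": limit_cents, "nonce": secrets.token_hex(8)}
        body = json.dumps(claims, sort_keys=True).encode()
        return body.hex() + "." + self._mac(body).decode()

    def redeem(self, token: str, merchant: str, amount_cents: int) -> str:
        try:
            body_hex, tag = token.split(".")
            body = bytes.fromhex(body_hex)
        except ValueError:
            return "malformed"
        # Check the MAC before parsing, in constant time.
        if not hmac.compare_digest(tag.encode(), self._mac(body)):
            return "bad-mac"
        claims = json.loads(body)
        if claims["merchant"] != merchant:
            return "wrong-merchant"   # stolen token is useless elsewhere
        if amount_cents > claims["limit_cents"]:
            return "over-limit"       # merchant cannot overcharge
        if claims["nonce"] in self._spent:
            return "already-used"     # one token, one transaction
        self._spent.add(claims["nonce"])
        return "ok"


if __name__ == "__main__":
    bank = Issuer()
    tok = bank.issue("acct-1", "books.example", 2500)  # constructed sample values
    print(bank.redeem(tok, "other.example", 1000))
    print(bank.redeem(tok, "books.example", 2500))
    print(bank.redeem(tok, "books.example", 2500))
```

Because the limit and merchant are covered by the MAC, a redeemed token can be published without giving anyone further authority.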