[Cryptography] password fatigue; was: Lastpass

Lodewijk andré de la porte l at odewijk.nl
Wed Jun 17 12:20:20 EDT 2015


I think things like OpenAuth were an interesting step in the right
direction.

Problematically, it reduced privacy and gives people bad bellyfeel. The
for-developer-incentive features such as access to "IDENTITY", contact
lists, my personal biography, every search entry I've made, my browser
history and bookmarks, and *lol i don't even know* is probably why it never
really caught on.

The initial real fix that I hope for is a deterministically seeded password
you put into your browser, that generates pub/priv keypairs for use in
communicating to remote webservices. Similar to how HD Bitcoin wallets
generate keypairs for addresses, and how SSH sessions identify. This would
provide quick & easy identities. Real name policies and the like are
generally a step backwards anyway. If you really want that, have
governments create per-website signatures linking a real name and a pubkey
- and leave them to solve RealID issues.
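
An added example, not part of the original post and not the poster's own design: one way the scheme above could look, with a password stretched into a master seed, one Ed25519 keypair derived per site origin, and a challenge signed SSH-style. Assumptions: PBKDF2-HMAC-SHA256 for stretching, HMAC-SHA256 for per-site derivation, the "site-key-v1|" label, and all function names are illustrative choices made here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

func mac(key, data []byte) []byte { // HMAC-SHA256
	h := hmac.New(sha256.New, key)
	h.Write(data)
	return h.Sum(nil)
}

// MasterSeed: assumed stretch, one block of PBKDF2-HMAC-SHA256; salt and iteration count are illustrative.
func MasterSeed(password, salt string, iters int) []byte {
	u := mac([]byte(password), append([]byte(salt), 0, 0, 0, 1))
	out := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		u = mac([]byte(password), u)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// SiteKey: assumed derivation, Ed25519 seed = HMAC(master seed, label|origin); the site stores only the public key.
func SiteKey(seed []byte, origin string) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(mac(seed, []byte("site-key-v1|"+origin)))
	return priv.Public().(ed25519.PublicKey), priv
}

// Login signs the server's challenge with the origin bound in, so a signature for one site fails at another.
func Login(priv ed25519.PrivateKey, origin string, challenge []byte) []byte {
	return ed25519.Sign(priv, append([]byte(origin+"|"), challenge...))
}

// Verify is the server-side check against the public key stored at enrolment.
func Verify(pub ed25519.PublicKey, origin string, challenge, sig []byte) bool {
	return ed25519.Verify(pub, append([]byte(origin+"|"), challenge...), sig)
}

func main() {
	seed := MasterSeed("correct horse battery staple", "user@example.org", 100000) // constructed inputs
	pub, priv := SiteKey(seed, "https://a.example")
	sig := Login(priv, "https://a.example", []byte("nonce-123"))
	fmt.Println("signature accepted:", Verify(pub, "https://a.example", []byte("nonce-123"), sig))
}
```

Because each site holds a different public key, the keys do not link the user's accounts across sites, and a database leak at one site exposes no secret usable at another. The password remains the single root of every key, so it must resist offline guessing.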