[Cryptography] [FORGED] Re: So please tell me. Why is my solution wrong?
James A. Donald
jamesd at echeque.com
Sat Feb 11 05:17:29 EST 2017
On 2/11/2017 6:31 AM, Theodore Ts'o wrote:
> So this is not vaporware, in that there *are* multiple sites/services
> which are using U2F.
True, but neither I, nor secretary of State Hillary Clinton, would have
been happy with those sites and services.
Further, because id dongles are proprietary and costs money, can never
become a universal standard - and we only get real security if secure
stuff becomes a universal standard the way regular email is standard now.
Right now, banks are pushing people to use security devices, and the
device generates a use once password, and they make you type in the use
once password every time you authorize a transaction. It is a pain in
the ass. Having dongles where you just press a button would be much
better, so don't tell me that they are available right now. If they
were available right now I would use them, the banks would use them, and
Secretary of State Hillary Clinton would have used them.
More information about the cryptography
mailing list