Full Disclosure: Re: OpenID. The future of authentication on the web?

From: Steven Rakick <stevenrakick_at_yahoo.com>
Date: Sun, 23 Mar 2008 18:17:18 -0700 (PDT)

I'm not sure why it isn't on their home page any more.
It used to be. Their FAQ is at:

http://www.beemba.com/faq.aspx.

On Sun, Mar 23, 2008 at 8:46 PM, Paul Schmehl
<pauls_at_utdallas.edu> wrote:
> --On March 23, 2008 8:04:41 PM -0400 Larry Seltzer
> <Larry_at_larryseltzer.com> wrote:
>
> >>> I understand the attractiveness of not having to remember lots of
> >>> IDs and passwords, but when you give up control of your data, you
> >>> give up control of your future.
> >
> > Normal people aren't going to remember enough passwords, let alone
> > strong passwords, to make that control meaningful. I do get your
> > point, but I bet that the best alternative is to give them one set
> > of credentials and make it as strong as possible.
> >
>
> I agree with your premise, Larry. It's the solution I object to. The
> correct solution, imo, is one that allows the user to retain control
> of their data. The password managers in browsers are an early attempt
> at this. Mac's File Vault is another. The correct solution, IMO,
> would be an encrypted password vault, stored on a USB drive and only
> available through the use of a password and some other form of
> identification (biometric, etc.)
>
> In other words, a combination of something you have and something you
> know, not something someone else has and something you know. If I'm
> carrying my passwords in encrypted form in a device I possess, I have
> complete control of who gets granted access to my data, and the
> compromise of any one vendor site that I visit will, at the worst,
> compromise the data I granted them access to.
>
> Paul Schmehl (pauls_at_utdallas.edu)
> Senior Information Security Analyst
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/
>
> _______________________________________________
>
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Received on Mar 23 2008
