[Tfug] Authentication procedures

James Hood ebenblues at gmail.com
Fri Mar 20 00:01:52 MST 2009


I have a different perspective on this. I say, get rid of passwords
entirely. There is a wealth of research that shows people suck at
guarding/maintaining passwords. I remember a study showing 20% of
people would give out their password for a candy bar.

We should put authentication (and the need to guard it) in terms that
your average user can understand. I have a USB flash drive on my
physical key chain that has my private key on it. I also have a hacked
version of PuTTY that can look on my flash drive for private keys when
doing ssh key auth. It's really convenient, because I can go to any
Windows PC and ssh to my servers w/o typing in a password.

Wouldn't it be great if there was a standardized way for any app to do
key-based authentication, reading your private key off of your flash
drive?

That way people don't have to remember passwords and they'll guard
their software key with their physical keys. I bet less than 20% of
people would give someone their house key for a candy bar...

James

-- 
"The humble learn the fastest because they don't waste time on
defending a false image."



