On 08/07/2014 05:27 AM, Brian Wolff wrote:
Most non-password alternatives that I can think of
(e.g. Having public
private key pairs or something) have the problem that they can't
really be integrated well enough into a web browser based environment
that folks other than the most technical of users find them an
acceptable burden.
At least part of the problem is that this requires that private key to
be distributed on every device from which access will be sought. This
means that while it may be reasonable to use that at one's "base of
operations" it would cripple access from mobile devices / one's friend's
house / the library.
What mediawiki needs is a "safe mode" - allowing a user to log in with
no magical bits. Only with the presence of that mode does it become
reasonable to require secondary mechanism to authenticate "more" for
access to advanced permissions.
-- Marc