We could do a less secure, but more-secure-than-passwords alternative,
which is to use email or SMS as a one time password device. SMS is
obviously more secure than email, but would require us to ask people
for their phone numbers.
SMS has loads of vulnerabilities:
http://en.wikipedia.org/wiki/SMS#Vulnerabilities
I don't see anyone signing up to get an e-mail or text message every
time they want to log in, either. At best, this pushes the
authentication problem back to their e-mail or SMS provider. In that
case, why not just use OpenID?
Though SMS has a number of vulnerabilities, as listed in the link, in
practical terms, it is likely to be safer than email for one time passwords.
Remember: one time passwords are used as a form of two factor
authentication. The SMS is sent to something they have after the user enters
the thing they know. The thing you know in this system is often a password.
People tend to use the same password everywhere, and a user's wikipedia
password is likely their email password, which would make a one time
password sent to the email less effective.
With SMS, an attacker would have to know the user's password, and would have
to intercept the SMS, which isn't easy enough to be worth the trouble.
OpenID also just pushes the authentication problem back to the OpenID
provider. If we are acting as the user's OpenID provider, then the problem
is back with us. That said, I agree we should act as an OpenID provider and
consumer. We are far more likely to act as a provider before we act as a
consumer. Note that this was discussed at the Berlin conference.
We could also make a PKI infrastructure, and allow certificate login,
which is obviously safer than passwords.
Not if the password is not stored on the computer and the
private key is.
But it is, if the private key is stored on a thumb drive (in a crypto
application), or on a smart card. Even if the private key and password are
stored on the filesystem unencrypted, an x509 key is safer than a password
simply because it is *much* more complex, so it is very unlikely to be brute
forced.
The real problem with any system stronger than passwords, is that it
requires a level of complexity that would be difficult for us, and
either annoying or very confusing for users.
Yes, so let's not worry about it, shall we? We aren't the NSA here.
This is a pretty smug statement.
I think it would be nice to offer more secure methods of authentication to
users who choose to take advantage of them. One time passwords would likely
be too confusing to force on everyone, but they aren't too confusing to
offer as an option. It also isn't very difficult to implement on the
authentication server's end either. Also, if we are to act as an OpenID
provider, it would be pretty nice to offer these more secure alternatives.
Respectfully,
Ryan Lane
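An added example, not part of this thread, of the server side of the one time password step discussed above: the code is issued only after the password check, stored as a hash, expires, is consumed on first success, and tolerates a small number of wrong guesses. The `OtpServer` class, its `issue`/`verify` methods and the `send` delivery callback are constructed names; delivery over SMS or email is simulated by the callback.

```python
import hashlib
import hmac
import secrets
import time

# Constructed example: the "something they have" factor is a short code
# delivered out of band; it is only checked after the password
# ("something they know") has already been verified by the caller.
CODE_DIGITS = 6
TTL_SECONDS = 300      # a code is valid for five minutes
MAX_ATTEMPTS = 3       # wrong guesses allowed before the code is void


def _digest(user, code):
    # Store only a hash, so a leaked pending table does not hand out live codes.
    return hashlib.sha256(f"{user}:{code}".encode()).hexdigest()


class OtpServer:
    def __init__(self, send, clock=time.time):
        self.send = send      # delivers the code to the user's phone or mailbox
        self.clock = clock    # injectable so expiry can be tested
        self.pending = {}     # user -> (digest, expires_at, attempts_left)

    def issue(self, user):
        # Cryptographically random, fixed width, never reused across sessions.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self.pending[user] = (_digest(user, code), self.clock() + TTL_SECONDS, MAX_ATTEMPTS)
        self.send(user, code)

    def verify(self, user, code):
        entry = self.pending.get(user)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[user]          # expired or locked out: start over
            return False
        ok = hmac.compare_digest(digest, _digest(user, code))
        if ok:
            del self.pending[user]          # single use: the same code never works twice
        else:
            self.pending[user] = (digest, expires_at, attempts_left - 1)
        return ok
```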