On 08/07/2014 05:27 AM, Brian Wolff wrote:
Most non-password alternatives that I can think of (e.g. Having public private key pairs or something) have the problem that they can't really be integrated well enough into a web browser based environment that folks other than the most technical of users find them an acceptable burden.
At least part of the problem is that this requires that private key to be distributed on every device from which access will be sought. This means that while it may be reasonable to use that at one's "base of operations" it would cripple access from mobile devices / one's friend's house / the library.
What mediawiki needs is a "safe mode" - allowing a user to log in with no magical bits. Only with the presence of that mode does it become reasonable to require secondary mechanism to authenticate "more" for access to advanced permissions.
-- Marc