On Mon, 2005-06-06 at 11:50, bruce wrote:
> so...
>
> the obvious solution (at least to me...) is to get rid of the need for a
> user to use the keyboard for entering the password....
>
> so if i have a solution that allows the user to more or less know that the
> site that he/she is on is the correct site, as well as a process that allows
> the user to access/authenticate that he/she is indeed the actual user, then
> we might have something...
>
> if you're dealing with a browser/internet system, i'm of the opinion that
> it's time we start thinking about getting rid of text based passwords...
> they're too cumbersome to be secure, and once you start dealing with more
> than a few sites.. who really goes through the trouble to generate and
> remember really secure passwords...
>
> -bruce

You want multi factor authentication if possible for really secure things. In most cases a simple password is sufficient, assuming a "good" password has been selected and proper care is taken to prevent or limit the possible disclosure of that password.

As stated before it all depends on the risk level you are willing to accept vs. usability for the users. In most cases a password is more than sufficient, in other cases biometrics may be the minimum acceptable security required to secure the particular systems being accessed.

Standard consultant response, it depends. :)

--
Scot L. Harris
webid@xxxxxxxxxx

Of course you have a purpose -- to find a purpose.