On Mon, 2005-06-06 at 10:50, bruce wrote: > so... > > the obvious solution (at least to me...) is to get rid of the need for a > user to use the keyboard for entering the password.... > > so if i have a solution that allows the user to more or less know that the > site that he/she is on is the correct site, as well as a process that allows > the user to access/authenticate that he/she is indeed the actual user, then > we might have something... > > if you're dealing with a browser/internet system, i'm of the opoinion that > it's time we start thinking about geting rid of text based passwords... > they're too cumbersome to be secure, and once you start dealing with more > than a few sites.. who really goes through the trouble to generate and > remember really secure passwords... Client certificates for ssl/https provide this if you want to pay for them and then make sure they don't get stolen. -- Les Mikesell lesmikesell@xxxxxxxxx
