by ethbro
2382 days ago
> Passwords should be a thing that's integrated in your browser/computer experience... this is something that can and should be handled by computers. I had this crazy idea, whereby computers could themselves come up with very long, random sequences of bits. They would then use these openers (couldn't think of a better word) to authenticate to each other, secured by mathematical operations, in place of passwords. Sadly, I've never seen it used on websites, so it must not be a good idea. /s

However: The UX on the browser side is shitty as hell. Certificates display weird nagscreens, without being able to specify proper defaults like "use this cert for that site and don't bother me again". Certificate enrollment has been broken (not that the form element was ever great) by all major browsers, to be replaced by "do something in JavaScript maybe, if we get around to implementing a new API some time". Oh, and no logout...
Kerberos needs a parameter at browser start or an about:config setting, is incompatible with using multiple TGTs let alone automatically selecting the right one or gasp getting a new TGT for the user from the proper KDC. The only thing that kinda works mostly is using the standard company login TGT. Oh, and logging out doesn't work...
Oh, and of course most mobile systems are broken or just unsupported.
The sorry state of browser auth is 100% on browser vendors dragging their feet on those problems that have been known for around 20 years or so. And no, webauth won't save us, it'll just be another shitshow most likely.