by jrm4 1391 days ago
Actually -- a "web of trust" idea for the browsers is quite sufficient.

Google et al. have already proven that they are at least decent at security and that they care about things owing to their success in the market. They've proven that they've handled this reasonably well and following their lead on how to do security in software is probably pretty good. They have both experience and skin in the game, lots of it, in the form of lots of money et al.

NOW, these password companies? NOPE. They simply don't have the right incentives in place to be trustable. (Or more specifically, that they're going to be much better at securing my stuff than I will.) They're too young and don't have sufficient "punishment" at the ready for me to be able to trust them much. They don't do indemnification, and liability for them isn't going to be great. I can't presume the same level of skill or care because the infrastructure/incentives aren't as presumably solid.

(Put differently, the Lifelock guy was a hero, he was at least willing to put something real on the line.)