|
|
|
|
|
|
by stevenjgarner
4667 days ago
|
|
|
I agree. Do we have to leave this initiative up to the browser developers though? As a website developer why can't I just replace the traditional password form field with a textarea form field, requiring the user to copy and paste their RSA private key (for my site) into the field, which would then be validated against their public key kept in the website user table? For additional security the private/public key pair could also be password locked. As long as my site(s) are using SSL, and other best practices, isn't the biggest risk one of the user losing their private key or having nefarious hands otherwise getting a hold of it? |
|
|