by drewcrawford
4313 days ago

> Where are we with replacing the password?

The state of the art of the technology, in my opinion, is GRC's SQRL: https://www.grc.com/sqrl/sqrl.htm

However I think you have captured something essential in the idea that Mozilla Persona "failed to catch on", and it wasn't, as far as I can tell, for technical reasons. The real problem is that any change from the username/password system has a cost (in programmer hours, and support retraining, etc.) and so long as "nothing is broken" it is hard to justify diverting funds from features that are customer-visible to providing a defense against an attack that is arguably the user's fault anyway (password re-use).

To me this issue is sort of a monument to the strange insincere lip service we pay to technology and technologists. Of course technology is business-critical and of course we work to hire the best and brightest, etc. But somehow organizations keep storing passwords in plain text in spite of the fact that engineers who work there know better.

This idea SERIOUSLY needs more attention. Steve is basically presenting a complete blueprint for how to do web login security right on everything from smartphones to desktops. A startup could run this implementation-wise and if the hype was right it could be a massive hit.