by zanny
4273 days ago
Two-factor is not a good solution either. Having to lug around your phone pulling up randomly generated strings from an RNG on both ends... defeats the point. Instead of an RNG seed, have a shared secret. Of course, you need a trusted party for that, but that is how OAuth and friends work. And how Persona should have worked.

Logging in to anything should be clicking login and everything happening behind the scenes, because you are already trusted and authenticated by a dozen other services that whomever you are trying to access should defer to to identify you. At least that is what Persona was supposed to do, and then fell flat due to slow adoption. But it was a chicken and egg problem through and through - nobody would use an immature Persona, and Mozilla abandoned it before it had time to shine.

OAuth is the maimed cripple of what should solve all of this, but at least it gets the correct UX to end users most of the time, even if it means wading through half a dozen login buttons from various services selling your identity.

Considering modern browsers all support synced data stores, why the hell is there not some standards-pushing API à la WebRTC (in scope and adoption) to get randomly generated unique ID keys made browser side for each service you use, that you can then sync between devices and across your browser "account"? Persona was meant to become that, but it died. Where is the successor?