how can you verify that the site you get is not a fake?
Les Mikesell
lesmikesell at gmail.com
Mon Jun 6 17:52:11 UTC 2005
On Mon, 2005-06-06 at 10:50, bruce wrote:
> so...
>
> the obvious solution (at least to me...) is to get rid of the need for a
> user to use the keyboard for entering the password....
>
> so if i have a solution that allows the user to more or less know that the
> site that he/she is on is the correct site, as well as a process that allows
> the user to access/authenticate that he/she is indeed the actual user, then
> we might have something...
>
> if you're dealing with a browser/internet system, i'm of the opoinion that
> it's time we start thinking about geting rid of text based passwords...
> they're too cumbersome to be secure, and once you start dealing with more
> than a few sites.. who really goes through the trouble to generate and
> remember really secure passwords...
Client certificates for ssl/https provide this if you want to pay for
them and then make sure they don't get stolen.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list