[OpenID] Banking and OpenID (was: Widgets and other aggregation)

Nat Sakimura sakimura at gmail.com
Fri Jan 30 00:45:47 UTC 2009 

Our statistics shows people can remember 3.2 or so passwords :-)

Now, when it comes to banks etc., technology alone cannot solve the
problems.
Each jurisdiction has its own legislation, so the technology must be able to

accomodate those local requirements. It is not only for the Authentication
method per se, but it also involves identity proofing etc., so the entire
assurance stack
matters.

=nat

On Wed, Jan 28, 2009 at 2:38 PM, SitG Admin <sysadmin at shadowsinthegarden.com
> wrote:

> I actually don't think my bank website needs to be *that* secure.
>>
>
> Login is the wrong place to look for banks (and many other institutions),
> as far as I'm concerned. We *should* be asking "Why does our information
> NEED to be online like that, if/when we don't even use the internet?", and
> challenging data repositories to take better care of safeguarding our data.
> To mix our metaphors, why should the bank be allowed to force me to keep all
> my money under a mattress, protected only by the locks on my doors and
> windows, when we have these nifty things called "vaults" (located,
> conveneniently enough, in the aforementioned "banks") to keep it in instead?
> I think the bank would rebel at taking liability for money stolen from under
> my mattress when they already provide a vault for them to keep their eyes on
> - one centralized secure location, rather than a mattress for every user.
>
>  At the end of the day, I feel like you're making the arguement that says,
>> "Hey, MultiAuth is maybe 100% better than SingleAuth, but it's not perfect,
>> so let's not do it".
>>
>
> There are some sites for which SingleAuth would be unacceptable, I think;
> whether MultiAuth would be acceptable seems like something that would depend
> more upon politics and/or the law than on the technology involved. I'm also
> thinking that, if the user is already remembering two or more passwords for
> their MultiAuth OP's, what's one more for the bank?
>
> -Shade
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>



-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090130/c03534aa/attachment-0002.htm>

More information about the general mailing list