Our statistics show people can remember 3.2 or so passwords :-)<br><br>Now, when it comes to banks etc., technology alone cannot solve the problems. <br>Each jurisdiction has its own legislation, so the technology must be able to <br>
accommodate those local requirements. It is not only for the Authentication <br>method per se, but it also involves identity proofing etc., so the entire assurance stack <br>matters. <br><br>=nat<br><br><div class="gmail_quote">
On Wed, Jan 28, 2009 at 2:38 PM, SitG Admin <span dir="ltr">&lt;<a href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I actually don't think my bank website needs to be *that* secure.<br>
</blockquote>
<br>
Login is the wrong place to look for banks (and many other institutions), as far as I'm concerned. We *should* be asking "Why does our information NEED to be online like that, if/when we don't even use the internet?", and challenging data repositories to take better care of safeguarding our data. To mix our metaphors, why should the bank be allowed to force me to keep all my money under a mattress, protected only by the locks on my doors and windows, when we have these nifty things called "vaults" (located, conveniently enough, in the aforementioned "banks") to keep it in instead? I think the bank would rebel at taking liability for money stolen from under my mattress when they already provide a vault for them to keep their eyes on - one centralized secure location, rather than a mattress for every user.<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
At the end of the day, I feel like you're making the argument that says, "Hey, MultiAuth is maybe 100% better than SingleAuth, but it's not perfect, so let's not do it".<br>
</blockquote>
<br>
There are some sites for which SingleAuth would be unacceptable, I think; whether MultiAuth would be acceptable seems like something that would depend more upon politics and/or the law than on the technology involved. I'm also thinking that, if the user is already remembering two or more passwords for their MultiAuth OPs, what's one more for the bank?<br>
<br>
-Shade<br>
</blockquote></div><br><br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><br>