
[ZDNet] Mozilla pushes simplified Browser ID login system

post #1 of 16
Thread Starter 

Quote:
BrowserID uses asymmetric cryptography and digital signatures to allow browsers to create signed assertions about the user’s identity, and by identity providers to vouch (via signing of a key-email pair) for a user’s identity in a disconnected fashion. BrowserID uses cross document messaging to communicate between documents served from different domains, which makes a usable implementation of BrowserID possible right now without modifications to existing browsers.
Source

Hmmm, don't know if I like this or not, seems like something that hackers might have a heyday with...
post #2 of 16
That would be nice for having sites that don't require banking and stuff. Though even with that it might be well worth it. I think it's a good idea, let's see how well they can implement it while keeping it secure.
post #3 of 16
Sounding a lot like that "Internet ID" stuff....
post #4 of 16
Isn't this kind of like a Google account + chrome? I have my bookmarks, email, music, documents, +, pictures, extensions, and whatever else synced up with it. Can't see myself switching over any time soon.
    
post #5 of 16
Since no one else has said this yet. Big Brother is watching!
post #6 of 16
Quote:
Originally Posted by rusky1
Since no one else has said this yet. Big Brother is watching!
If it was Big Brother - it's more like the odd, skeevy hillbilly cousin looking through the window and drooling over the sister...
post #7 of 16
I see what they are trying to do which is make logins easy. It's basically a cookie with a GUI - may be useful.
post #8 of 16
I love how he talked about easily forgotten passwords then goes to create a single login responsible for hundreds of sites he's a member of, yet only uses a ~6 character password...

Phishing scams just got more profitable.
post #9 of 16
Are you guys kidding me as to not wanting a replacement for passwords? We sorely, sorely need to use shared key cryptography with websites. Passwords are not just insecure as a general premise - not enough people remember ones complex enough to be worthwhile, but they are horribly insecure from the point of view of sharing.

No one remembers enough passwords to use a different one for every site - or at least barely anyone. This means that any site that stores your password insecurely (you'd think every site in the world would know to hash and salt passwords, but every day you see leaks with unsalted - or even plaintext password databases being released) and this leads to security breaches where you use the same password across a few sites. This isn't just small websites either.

The best answer to this is simple:

The website asks for a public key upon registering which is stored on the website's server.

The user's browser generates a new key for that website, sends the site a public key.

When the user logs in, the site generates a random value and uses the public key to encrypt the data. The user then decrypts the data using the private key (thus proving they own the key and are the user) and sends back the random value, which must match.

The user's browser should store these keys in a safe way - preferably providing a way to share these keys to other devices they own (naturally also securely as this data would allow access to all sites). Generally the keys will be stored with a password that must be entered before the key can be used, as an additional layer of security for the user.

How would this work? The browser could handle it all automatically - in fact, to the user there would be little discernible change. Websites could simply have a new form element for requesting keys - or better yet, implemented at HTTP level. The user would no longer have to type in passwords, except when unlocking their keys (this would be very much like the 'master password' feature used in a lot of browsers' password storing systems today).

Security-wise, people would be far more secure. Rather than stealing passwords, they would need both the key and the key's password. The best thing is that there is no need for the user to trust the site to handle the public key safely. It's only valid at that site - and even with the public key, you can't log in (you need the private key and the password). This means you don't have to hope a website is using a secure database (with salted hashes) in case the data is leaked.
Edited by lattyware - 7/18/11 at 2:51pm
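The login flow described in post #9 (a key pair per site, a random value encrypted to the stored public key, a private key kept under a passphrase), written out as an added example that is not part of the thread. It uses Node.js's built-in `crypto` module with RSA-OAEP; the `Site` class, the function names, the user name and the passphrases are illustrative assumptions.

```javascript
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Site side: stores only public keys, never a password or a private key.
class Site {
  constructor() { this.publicKeys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  // Login step 1: a fresh random value, encrypted to the registered public key.
  challenge(user) {
    const nonce = crypto.randomBytes(32);
    this.pending.set(user, { nonce, expires: Date.now() + 60_000 });
    return crypto.publicEncrypt({ key: this.publicKeys.get(user), ...OAEP }, nonce);
  }
  // Login step 2: the returned value must match; a challenge is single-use.
  verify(user, response) {
    const entry = this.pending.get(user);
    this.pending.delete(user);
    if (!entry || Date.now() > entry.expires) return false;
    return Buffer.isBuffer(response) && response.length === entry.nonce.length &&
      crypto.timingSafeEqual(response, entry.nonce);
  }
}

// Browser side: one key pair per site, private key stored under a passphrase.
function newSiteKey(passphrase) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
}

function answer(lockedPrivateKeyPem, passphrase, challenge) {
  return crypto.privateDecrypt({ key: lockedPrivateKeyPem, passphrase, ...OAEP }, challenge);
}

function demo() {
  const site = new Site();
  const key = newSiteKey('master password'); // constructed sample passphrase
  site.register('alice', key.publicKey);     // constructed sample user
  const response = answer(key.privateKey, 'master password', site.challenge('alice'));
  const login = site.verify('alice', response);
  const replay = site.verify('alice', response); // no pending challenge is left
  let unlockedWithGuess = true;
  try { answer(key.privateKey, 'guess', site.challenge('alice')); }
  catch { unlockedWithGuess = false; }           // wrong passphrase: key stays locked
  return { login, replay, unlockedWithGuess };
}
console.log(demo());
```

The site's stored data is only the public key, so what it holds is enough to issue challenges but not to answer them.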
post #10 of 16
I think LastPass is better than this.