
[ZDNet] Mozilla pushes simplified Browser ID login system - Page 2

post #11 of 16
So... it's OpenID, but with e-mails?
post #12 of 16
Quote:
Originally Posted by lattyware View Post
Generally the keys will be stored with a password that must be entered before the key can be used, as an additional layer of security for the user.
See, your post sounded good until your solution for removing passwords included using a password
    
post #13 of 16
This could be good, or bad...

*makes coffee and waits*

...as in where this discussion goes and how many times the thread gets cleaned.
 
post #14 of 16
Quote:
Originally Posted by randomizer View Post
See, your post sounded good until your solution for removing passwords included using a password
It wouldn't be necessary, but it's a good extra step - so that anyone who gets your keys can't instantly pretend to be you - just as most browsers offer a 'master password' to protect saved passwords. The point isn't removing passwords as such, it's removing every site knowing what your password is.

At the moment, you either have to have a completely different, secure password for every site (really hard to do) or risk having everything compromised when one site is. This avoids that. It also means malicious sites won't gain anything they can use elsewhere. It allows you to authenticate yourself, without shifting trust to the site you are authenticating to.
Edited by lattyware - 7/18/11 at 9:35pm
post #15 of 16
Quote:
Originally Posted by lattyware View Post
Are you guys kidding me as to not wanting a replacement for passwords? We sorely, sorely need to use shared key cryptography with websites. Passwords are not just insecure as a general premise - not enough people remember ones complex enough to be worthwhile, but they are horribly insecure from the point of view of sharing.

No one remembers enough passwords to use a different one for every site - or at least barely anyone. This means that any site that stores your password insecurely (you'd think every site in the world would know to hash and salt passwords, but every day you see leaks with unsalted - or even plaintext password databases being released) and this leads to security breaches where you use the same password across a few sites. This isn't just small websites either.

The best answer to this is simple:

The website asks for a public key upon registering which is stored on the website's server.

The user's browser generates a new key for that website, sends the site a public key.

When the user logs in, the site generates a random value and uses the public key to encrypt the data. The user then decrypts the data using the private key (thus proving they own the key and are the user) and sends back the random value, which must match.

The user's browser should store these keys in a safe way - preferably providing a way to share these keys to other devices they own (naturally also securely as this data would allow access to all sites). Generally the keys will be stored with a password that must be entered before the key can be used, as an additional layer of security for the user.

How would this work? The browser could handle it all automatically - in fact, to the user there would be little discernible change. Websites could simply have a new form element for requesting keys - or better yet, implemented at HTTP level. The user would no longer have to type in passwords, except when unlocking their keys (this would be very much like the 'master password' feature used in a lot of browsers' password storing systems today).

Security-wise, people would be far more secure. Rather than stealing passwords, they would need both the key and the key's password. The best thing is that there is no need for the user to trust the site to handle the public key safely. It's only valid at that site - and even with the public key, you can't log in (you need the private key and the password). This means you don't have to hope a website is using a secure database (with salted hashes) in case the data is leaked.
+1
Very well articulated.
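The login exchange described in the quoted post above (a key pair per site, a random value encrypted to the stored public key, the private key kept under a master password), as an added example that is not part of the thread. It uses Node.js `crypto`; the names `Site`, `registerKeyForSite` and `answerChallenge` are hypothetical, and RSA-OAEP with an AES-encrypted PKCS#8 key file is an assumed choice the thread does not specify.

```javascript
// Added example: the per-site key login from the quoted post, using Node.js crypto.
// Site, registerKeyForSite and answerChallenge are hypothetical names.
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Browser side: new key pair per site; the private half is stored encrypted
// under the user's master password, the public half goes to the site.
function registerKeyForSite(masterPassword) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem',
                          cipher: 'aes-256-cbc', passphrase: masterPassword },
  });
  return { publicKey, lockedPrivateKey: privateKey };
}

// Browser side: unlock the key and decrypt the site's challenge.
// Throws on a wrong master password or a challenge made for another key.
function answerChallenge(lockedPrivateKey, masterPassword, challenge) {
  return nodeCrypto.privateDecrypt(
    { key: lockedPrivateKey, passphrase: masterPassword, ...OAEP }, challenge);
}

// Site side: stores only public keys, so a database leak holds no login secret.
class Site {
  constructor() { this.publicKeys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  startLogin(user) {
    const nonce = nodeCrypto.randomBytes(32);   // fresh random value per attempt
    this.pending.set(user, nonce);
    return nodeCrypto.publicEncrypt({ key: this.publicKeys.get(user), ...OAEP }, nonce);
  }
  finishLogin(user, response) {
    const nonce = this.pending.get(user);
    this.pending.delete(user);                  // single use: no replay
    if (!nonce || !Buffer.isBuffer(response) || response.length !== nonce.length) return false;
    return nodeCrypto.timingSafeEqual(nonce, response);
  }
}

// Constructed run: one user, one site, correct master password.
function demoLogin() {
  const site = new Site();
  const key = registerKeyForSite('constructed master password');
  site.register('alice', key.publicKey);
  const challenge = site.startLogin('alice');
  const response = answerChallenge(key.lockedPrivateKey, 'constructed master password', challenge);
  return site.finishLogin('alice', response);
}
```

The site compares the returned value in constant time and discards each challenge after one attempt, so a captured response cannot be replayed.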
post #16 of 16
LastPass for every browser
remember only one password
/thread