On Thursday 21 Jun 2012 04:16:22 Aaron C. de Bruyn wrote:
On Wed, Jun 20, 2012 at 4:26 PM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "Leo Bicknell" <bicknell@ufp.org>
Yes, but you're securing the account to the *client PC* there, not to the human being; making that Portable Enough for people who use and borrow multiple machines is nontrivial.
Or a wizard in your browser/OS/whatever could prompt you to put in a 'special' USB key and write the identity data there, making it portable. Or like my ssh keys, I have one on my home computer, one on my work computer, one on my USB drive, etc... If I lose my USB key, I can revoke the SSH key and still have access from my home computer.
And I'm sure someone would come up with the 'solution' where they store the keys for you, but only you have the passphrase... à la LastPass.
-A
As far as apps go, loads of them use OAuth and have a browser step in their setup. So this adds precisely one step to the smartphone sync/activation process - downloading the key pair from your PC (or if you don't have a PC, generating one). That covers vendor A and most vendor G devices.
"What about the feature phones?" - not an issue, no apps to speak of, noOp().
"What about [person we want to be superior to who is always female for some reason]?" - well, they all seem to have iPhones now, so *somebody's* obviously handholding them through the activation procedure.
Obviously vendor A would be tempted to "sync this to iCloud"... but anyway, I repeat the call for a W3C password manager API. SSH would be better, but a lot of the intents, actions, etc. are the same.