Not the browser!

Google&#39s Ben Laurie bookends our dialog (work back from here) with a really clear statement:

Kim correctly observes that the browser is not the place to be typing your password. Indeed. I should have mentioned that.

Clearly any mechanism that can be imitated by a web page is dead in the water. Kim also wants to rule out plugins, I take it, given his earlier reference to toolbar problems. I’m OK with that. We want something that only a highly trusted program can do. That’s been so central to my thinking on this I forgot to mention it. Sorry.

This sounds really positive.  Now, just so I don&#39t end up with a different security product from every big web site, I hope Ben&#39s work will include integration with the CardSpace framework.  I&#39m certainly open to discussions about ways we might evolve CardSpace to facilitate this.

One thought on “Not the browser!

  1. Hey Now Kim,
    Interesting point that I didn&#39t think of before. We shouldn&#39t type passwords in browsers. It may be quite some time before this happens.
    Thx 4 the info,
    Catto

Leave a Reply