{"id":928,"date":"2008-02-26T10:15:02","date_gmt":"2008-02-26T18:15:02","guid":{"rendered":"\/?p=928"},"modified":"2008-02-26T10:20:51","modified_gmt":"2008-02-26T18:20:51","slug":"ben-lauries-single-passwords","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=928","title":{"rendered":"Ben Laurie&#39;s &#8220;Single Passwords&#8221;"},"content":{"rendered":"<p>Given his <a href=\"http:\/\/www.links.org\/?p=298\">latest post<\/a>, I guess\u00a0I got the gist of\u00a0Ben Laurie&#39;s\u00a0proposal for using\u00a0what I&#39;ll call <a href=\"\/?p=924\">&#8220;Single Passwords&#8221;<\/a> rather than &#8220;Single Signon&#8221;:\u00a0\u00a0<\/p>\n<blockquote><p>&#8220;Kim Cameron, bless him, <a href=\"\/?p=924\">manages to interpret one of my most diabolical hungover bits of prose ever<\/a>. I am totally with him on the problem of pharming, but the reality is that the average Cardspace user authenticated with nothing better than a password (when they logged into Windows).<\/p><\/blockquote>\n<p>Wow.\u00a0 I appreciate the blessing from Father Laurie, but this is kind of a &#8220;We&#39;re going to die one day, so who cares if we die tomorrow?&#8221; type of argument &#8211; surprising for a priest.\u00a0<\/p>\n<p>While it&#39;s true that pharming is a challenge for the operating system as well as the browser,\u00a0let&#39;s not\u00a0seriously\u00a0equate the\u00a0dangers of entering passwords into browsers (a malleable experience, <em>the goal of which is to be infinitely and easily modified by anyone<\/em>) with those involved in booting up your PC (a highly controlled environment <em>designed to allow no modification<\/em> and use a secure desktop).\u00a0 It&#39;s true that both involve passwords.\u00a0 But\u00a0the equation is\u00a0simplistic, best summed up as: &#8220;Tables have legs, people have legs, therefore tables are people.&#8221;<\/p>\n<p>Anyway,\u00a0I&#39;m sympathetic to\u00a0Ben&#39;s concerns\u00a0about portability:<\/p>\n<blockquote><p>&#8220;Furthermore, if you are going to achieve portability of credentials, then you can either do it in dreamland, where all users carry around their oh-so-totally-secure bluetooth credential device, or you can do it in the real world, where credentials will be retrieved from an online store secured by a password.<\/p><\/blockquote>\n<p>I don&#39;t dismiss dreamland &#8211; isn&#39;t that what iPhones want to be?\u00a0 But we do need lightweight roaming.\u00a0 Using an online vault secured by a passphrase is a reasonable way to\u00a0bootstrap a secret\u00a0onto a\u00a0machine.<\/p>\n<p><strong>But not\u00a0the browser!<\/strong>\u00a0<\/p>\n<p>The rub is:\u00a0 once a user gets into the habit of typing this secret into <em>the browser<\/em>, she&#39;s ready to be tricked.\u00a0 I&#39;ll go further.\u00a0 If\u00a0 the vault one day accrues enough value,\u00a0a browser-based system\u00a0WILL\u00a0fail the user\u00a0&#8211;\u00a0sooner or later.\u00a0\u00a0\u00a0<\/p>\n<p>Ben concludes:<\/p>\n<blockquote><p>&#8220;If you believe the Cardspace UI can protect people\u2019s credentials, then surely it can protect a password?<\/p>\n<p>&#8220;If it really can\u2019t (that is, we cannot come up with UI that people will reliably identify and eschew all imitations), then how will we ever have a workable, scalable system that includes recovery of credentials after loss or destruction of their physical goods?&#8221;<\/p><\/blockquote>\n<p>There&#39;s\u00a0food for thought\u00a0here.\u00a0\u00a0Start to take advantage of the engineering in CardSpace, and you inherit significant protection in terms of both phishing and pharming.\u00a0\u00a0So if Ben implements his &#8220;Single Password&#8221; this way, he\u00a0could start to\u00a0be reasonably confident\u00a0that the &#8220;function of the\u00a0password&#8221; is what is released, while the\u00a0password is guarded.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Using an online vault secured by a passphrase is a reasonable way to bootstrap a secret onto a machine.<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[8,23,44,5,4],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/928"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=928"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/928\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=928"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=928"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=928"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}