Keychain password management?
By Murray Bourne, 08 May 2007
In a recent newsletter, Elliott Masie railed against "password craziness".
No More Passwords - Time for a Keychain!
It is time for us to stop the password craziness. Not only is it hard to remember your dozens of passwords, it is also not very secure. A modest alternative is to use a plug in USB key that would validate who we are at that computer. The key could add biometric validation such as a fingerprint or could have a one instance password. The fewer passwords that are sent in the open space of the internet the better and this could go a long way in reducing spam and scams.
Elliott's idea is not new and possible right now.
Recently, banks in Singapore have required customers to use "2FA" (2-factor authentication) for Internet transactions. For one bank, they send me an SMS message with a code number which adds another password, but I don;t need to remember it.
For the other bank, they sent me a small gizmo (about the size of a thumb drive) and I need to obtain a number from that device and input it after the normal login to the bank's site. (I'm still thinking about how this works. Presumably there are a set of pre-defined numbers that appear randomly on the device and they need to match what the bank's numbers are.)
Either method, would help to reduce the requirement of passwords for every site we ever visit.
I'm so sick of the plethora of passwords I have to remember - all in different formats. We often cannot use the same one more than once (yeah I know, you aren't supposed to anyway...).
See the 2 Comments below.
9 May 2007 at 2:11 pm [Comment permalink]
maybe OpenID is another alternative.
10 May 2007 at 1:23 pm [Comment permalink]
Thanks, Jacky. OpenID> is what Dick Hardt of Sxip Identity was talking about in the link in my previous post.