Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] OpenID authentication (backed by LDAP!)

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] OpenID authentication (backed by LDAP!)


Chronological Thread 
  • From: sjeap <sjeap AT lavabit.com>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] OpenID authentication (backed by LDAP!)
  • Date: Fri, 07 Sep 2012 12:54:47 +0200
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=lavabit; d=lavabit.com; b=qpwc61immPhRucWDsZkMwMUzJm27gQp8ig93OilplsCIHPijKUX9ScxAsY7nbfrEI7IrfeNEjrlF8WiG2/bJfOtekzjgNvkJx5p9ERkYHZcEkCc+dnYXV7iG/fbgRHoWGP46usszp+qLiq29omqPVmlgUuZ0cwpl7vhvX7sPehM=; h=Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;

That's actually an idea, but lacks in portability. Using all those
accounts with a separate laptop should be doable with a similar system
(cloning, using the same truecrypt partition), but what will you do if
you want to use certain accounts with your smartphone?

Moreover, to really use that encrypted backup with other systems, inside
it should be in a form like site/login/pw, so you have to write down
each triple still separately, which could be a long list when one even
can't remember the number of accounts. And there we are again. An
approach would probably be, to store a small securely (depends on what
one actually needs - what the average user rates as secure could
sometimes be decrypted easily, and one should consider that also highly
encrypted files sometimes don't represent a heavy barrier for some
organisations) encrypted truecrypt volume in the cloud and access (auto
mount, fetch data to site) that with your devices. Although maybe a bit
off-topic.

Regards sjeap

Am 06.09.2012 15:35, schrieb Peter Green:
>
>
>> Yeah, it is also a thing of keeping track of a particular number of
>> accounts where one is registered.
>
> This has confused me for a long time and particularly when it involves
> computer users of a higher than avarage ability...
>
> How hard is it to encrypt your systems hard drive or home dir'? Then you
> can let your system remember as many different logins as you want!
>
> I have lost count of the number of login details I have, what with the
> sites I admin' as well as my own stuff, it's really not that difficult.
>
> I never make up memorable passwords, there's no need, and so you can have
> secure ones too.
>
> I also keep all login details in an encrypted backup.
>
> It really isn't hard to have countless passwords.
>
> Just my thoughts though...
>
> Peter
>
> -------- Original-Nachricht --------
> Betreff: Re: [opennic-discuss] OpenID authentication (backed by LDAP!)
> Datum: Thu, 06 Sep 2012 15:13:26 +0200
> Von: sjeap <sjeap AT lavabit.com>
> An: discuss AT lists.opennicproject.org
>
>> > And in regards to having an account per site>
>> > If you visit a random website and it requires you to register to read an
>> > article, would you do that? I just pick another page since it's annoying
>> > to have to think of another password.
> Yeah, it is also a thing of keeping track of a particular number of
> accounts where one is registered. You don't have to have one account for
> all, but nearly one account for each site/service, that really is annoying.
>
> Regards sjeap
>
> Am 06.09.2012 11:50, schrieb Alex Nordlund:
>> > On Thu, Sep 6, 2012 at 9:58 AM, Simon <simon AT hacknix.net
>> > <mailto:simon AT hacknix.net>> wrote:
>> >
>> > On 09/06/12 09:56, Filip Lamparski wrote:
>> > > I, on the other hand, disagree: it can do good if you can choose
>> > whether
>> > > or not to use central auth or use separate logins.
>> >
>> > I can see the value in offering choice here. As long as it's
>> > optional.
>> >
>> >
>> > There's really nothing stopping a site from offering both, many sites
>> > offering OpenID registration and login simply use your OpenID data to
>> > create an account, then let you pick a password and in the end you can
>> > login with both your password and your OpenID.
>> >
>> > Now, there's nothing stopping you from accepting more than one OpenID
>> > provider either and as an operator you're still in control of your
>> > database no matter what you do.
>> >
>> > And in regards to having an account per site>
>> > If you visit a random website and it requires you to register to read an
>> > article, would you do that? I just pick another page since it's annoying
>> > to have to think of another password.
>> >
>> > ---
>> > //Alex
>> >




Archive powered by MHonArc 2.6.19.

Top of Page