[cap-talk] Webkeys vs. the web

Raoul Duke raould at gmail.com
Wed Apr 1 18:31:13 EDT 2009


> If web apps invent some new contraption, like a rectangular box containing a
> spinning diamond or whatever, that represents "a valuable webkey", and if we
> educate users about what that means, then at that point we have empowered
> *and* informed them and -- by our favorite model at any rate -- all is well.

i think my problem is that leaving it up to the users is scary. i
mean, how many times have i accidentally sent email to the wrong
place, or whatever other standard foot-in-mouth internet thing? does
that mean i'd like sharing of a web key to require some 2-factor
authentication? is that too much like the fact that anybody who uses
"-i" with "rm" can still eff up because they are in the mental motor
memory habit of just always typing "y"?

security and usability just don't go together well, as far as i know.
i realize the whole capdesk type approach sounds like it is aimed at
making that claim invalid, and presumably somewhat likewise the whole
webkey thing. but i'm crotchety enough that i don't buy it yet. :-)
not that (a) that probably matters much or (b) should stop anybody
else from trying, of course.

sincerely.

