[cap-talk] Webkeys vs. the web

David-Sarah Hopwood david.hopwood at industrial-designers.co.uk
Mon Mar 23 18:13:28 EDT 2009


Stiegler, Marc D wrote:
> I am presuming that the service would be using the "forgot your password"
> protocol anyway for people who forget their password.

Only if, for that particular service, the vulnerability created by
sending passwords in cleartext email is acceptable.

> In which case, there is no increase in vulnerability: an attacker who
> has the prerequisite mitm authority can always simply run this attack
> against you anyway, just by clicking "forgot my password" button for you :-)

*If* the service has a cleartext email "forgot my password" facility,
then there is no increase in vulnerability, but relying on "forgot my
password" alone results in a decrease in usability relative to my
proposal: in my proposal a user immediately gets to the desired page
after entering their username/password, without having to check their
email.

> The advantage of my proposal is we are not adding yet another password
> to the burden.

Users expect the burden of managing passwords; they do not expect to
have to check their email on every visit to a website that is not from
a bookmark. In any case, *if* the cleartext email vulnerability is
acceptable then it's possible to provide both UIs, and users who always
rely on "forgot my password" then do not have to manage their passwords.

-- 
David-Sarah Hopwood ⚥
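
[Editor's added example, not part of the original post and not code from Hopwood, Stiegler, or any webkey implementation. It models the two routes to a webkey-protected page that the thread contrasts: a username/password login that hands back the webkey directly, and a "forgot my password" facility that mails the webkey in cleartext, together with an attacker holding the "mitm authority" over e-mail that Stiegler refers to. Assumptions: a webkey is a 128-bit random URL fragment, the reset mail carries the webkey itself, `example.test` is a placeholder domain, and PBKDF2 stands in for a real password hash.]

```python
"""Illustrative model of password login vs. cleartext-e-mail reset for a
webkey-protected page. Added example; not code from the original post.
Everything below is constructed for illustration."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumption: a webkey is a 128-bit random URL fragment, reached as
# https://example.test/#s=<webkey>; example.test is a placeholder domain.
WEBKEY_BYTES = 16


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 stands in for a real password hash (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class Account:
    username: str
    email: str
    salt: bytes
    pw_hash: bytes
    webkey: str


@dataclass
class Mailbox:
    """Constructed e-mail channel. Anyone holding this object can read it;
    that is how the sketch models an attacker with 'mitm authority'."""
    messages: List[str] = field(default_factory=list)


class Service:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.by_webkey: Dict[str, Account] = {}
        self.mailboxes: Dict[str, Mailbox] = {}

    def register(self, username: str, password: str, email: str) -> str:
        salt = secrets.token_bytes(16)
        webkey = secrets.token_urlsafe(WEBKEY_BYTES)
        acct = Account(username, email, salt, hash_password(password, salt), webkey)
        self.accounts[username] = acct
        self.by_webkey[webkey] = acct
        self.mailboxes.setdefault(email, Mailbox())
        return webkey

    def login(self, username: str, password: str) -> Optional[str]:
        """Password flow: username/password -> webkey, no e-mail round trip.
        Nothing is written to the e-mail channel, so an e-mail reader learns nothing."""
        acct = self.accounts.get(username)
        if acct is None:
            return None
        if not hmac.compare_digest(acct.pw_hash, hash_password(password, acct.salt)):
            return None
        return acct.webkey

    def forgot_password(self, username: str) -> None:
        """'Forgot my password' that mails the webkey in cleartext. Anyone who
        can trigger this and read the mail gets in without the password."""
        acct = self.accounts.get(username)
        if acct is not None:  # silent on unknown names: no user-enumeration oracle
            self.mailboxes[acct.email].messages.append(
                f"Your page: https://example.test/#s={acct.webkey}")

    def fetch(self, webkey: str) -> Optional[str]:
        """Dereference a webkey; compare in constant time so response timing
        does not leak how long a correct prefix of a guess was."""
        if not webkey.isascii():  # compare_digest on str requires ASCII
            return None
        for k, acct in self.by_webkey.items():
            if hmac.compare_digest(k, webkey):
                return f"private page of {acct.username}"
        return None


def attacker_with_email_access(svc: Service, username: str,
                               mailbox: Mailbox) -> Optional[str]:
    """Attacker who can read the victim's mail but does not know the password:
    presses 'forgot my password' on the victim's behalf and reads the link."""
    svc.forgot_password(username)
    for msg in mailbox.messages:
        if "#s=" in msg:
            return msg.split("#s=", 1)[1]
    return None


if __name__ == "__main__":
    svc = Service()
    svc.register("alice", "correct horse battery staple", "alice@example.test")
    print("login gives webkey:", svc.login("alice", "correct horse battery staple"))
    print("mail after login:", svc.mailboxes["alice@example.test"].messages)
    stolen = attacker_with_email_access(svc, "alice", svc.mailboxes["alice@example.test"])
    print("e-mail reader obtains:", svc.fetch(stolen))
```

The point the sketch makes concrete: `login` never touches the mailbox, so the e-mail attacker gains nothing from it, whereas `forgot_password` hands the webkey to anyone who can both press the button and read the mail. Offering both UIs, as the message suggests, gives the attacker the union of the two surfaces, which is no worse than the reset path alone.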