[cap-talk] struggling to learn what techniques supplant passwords

Raoul Duke raould at gmail.com
Thu Nov 3 11:40:46 PDT 2011


On Thu, Nov 3, 2011 at 7:06 AM, Jonathan S. Shapiro <shap at eros-os.org> wrote:
> Which is a great example of why the "capabilities as keys" analogy isn't
> perfect. A car key is something you have. A capability is not. A capability
> is something that your computer has (or equivalently: some storage device)
> that it holds on your behalf. And in the vast majority of cases, "possession
> of the laptop" is not a sufficient test of authority to wield in the eyes of
> the user. Most users have credit card and address information on their
> computers due to browser autocompletion.

also, from a regular human usability point of view, i'd say that it
can be nice not to have something like car keys. i can leave my laptop
lying around and (except for the fact that somebody who knows what
they are doing can e.g. boot into single user mode or use a livecd and
get around my passwords) don't have to worry that people can get stuff
off of it, because of the uid+pwd login ui.


