Re: Ditching passwords / email identifiers

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Sun, 20 Nov 2016 04:49:43 +0000
Message-ID: <CAM1Sok0ZZR6uFuNoTcRCc8oXtXmCt3eF146pMeBpGWB=a0HWOA@mail.gmail.com>
To: Jacob Pratt <jhprattdev@gmail.com>
Cc: W3C Credentials Community Group <public-credentials@w3.org>, Manu Sporny <msporny@digitalbazaar.com>

On Sun, 20 Nov 2016 at 15:22 Jacob Pratt <jhprattdev@gmail.com> wrote:

> Certainly an interesting idea. This could also take advantage of the
> increasing frequency of biometric sensors in mobile devices, eliminating
> the need for a code (or some other identifier). It would be much simpler
> than remembering a password, and much more secure for the vast majority of
> people.

:) Thank you.

It also seems really very simple to implement, and it's using existing
functions so it should be relatively straightforward to standardise.

I'd be interested in figuring out how this may relate to creds (from
community spec to more recent diversifications).

Another consideration is how this may provide an alternative to that
which is outlined in various VISA EURO related 'claims'.

Could be paired with means for a QR Code to be generated at POS, linked to
a credential orientated statement (for instance).

Overall - I would be encouraged if the idea/s were further investigated.

NB also (separate yet similar): TimBL expressed his desire to see N3
compatibility.  Manu was involved in a broader convo in relation to this
consideration made.

The broader context was a graph related issue with TTL and that N3 did not
share this problem.

I have been of the opinion for some time that perhaps serialisations can
live harmoniously somehow, perhaps where the stuff that TimBL's more
focused on (ie: not web-payments or SEO related) should be supported in a
way that is inclusive to his 'vision' alongside support for the 'status
quo' herein, which seemingly moreover relates to payments related use-cases.

I have had the difficult experience of having been in the middle of the
serialisation wars; and whilst I'm cognisant that it was the javascript
wars that led to W3C,

I see some parts of this both healing and in continuum, unnecessary.

As one of the very few (in context of the ~7 billion people on the planet)
some of these issues seem to have been unnecessarily unfortunate.


> On Nov 19, 2016 11:05 PM, "Timothy Holborn" <timothy.holborn@gmail.com>
> wrote:
> had an idea that for places where mobiles are ubiquitous, the means in
> which to ditch passwords and email related AUTH could be facilitated by
> simply providing SMS authentication (or mobile app alternative) which
> in-turn means no password is stored for the account at all...
> mobiles are increasingly used for banking, simply by tapping them on a
> payment gateway (via NFC).
> people barely need to use their passwords to get into a password protected
> site, and a great many people have difficulty remembering them or keeping
> them safe.
> a lot of email providers are internationally based (whereas mobiles come
> under telecommunications law, including the misuse of them) and in some
> regions at least - the receipt of an SMS does not cost the recipient funds.
> i am aware of a few problems with that method, including company owned
> mobiles, lost phones, etc.
> yet,
> i figured it was an idea worth noting.  may be an opportunity within the
> general space.
> Tim.H.
Received on Sunday, 20 November 2016 04:50:27 UTC