- From: James A. Donald <jamesd@echeque.com>
- Date: Fri, 09 Mar 2007 12:44:06 +1000
- To: Chris Drake <christopher@pobox.com>
- CC: public-usable-authentication@w3.org
Chris Drake wrote:

> v) man-in-the-middle (proxy) attacks are made very
> difficult, since the user is instructed to check the SSL status
> initially, and the server will be able to verify
> logins are occurring from legitimate IP addresses.

But the user is not going to check the SSL status initially, for the same reason as he was not checking for the presence of the photo until you changed the login procedure to make him click on it.

And if he was checking on the SSL status, we would still have the mountain credit problem - that there are too damn many SSL protected names that are too similar to each other. And there are all those asshole sites that keep randomly changing their SSL protected name for obscure reasons, thereby teaching me to ignore the SSL protected name.

If asking the user to check for the SSL status was good enough, asking him to check for the presence of the photo would be good enough.

> vi) dictionary attacks can be made difficult by giving
> no indication of incorrect password attempts, besides the
> decision to NOT show the user's photo on the next
> screen: users will understand the mistake
> immediately when they don't see their photo -
> hackers would not know what photo to look for -
> thus won't know when they've found the correct
> password.

If you show the wrong photo to a wrong password, users will get confused. If you provide more definite feedback, no photo at all, attackers will not be confused.

This reminds me of the problem the Park Authorities had with making bear proof garbage cans - that there is significant overlap between the mechanical intelligence of tourists and bears.
Received on Friday, 9 March 2007 02:44:00 UTC