I already carry a credit card, ATM card, key card, supermarket card and sundry other card-sized items for my everyday activities. Of course, I would happily use a smart card to perform everyday computing login activities for the same reasons. Unfortunately, there is no universal (or free) PC interface available for smart card to web application (for example) on the average PC, except maybe USB ports.
So why not develop a USB-based keyring-sized open-source widget that allows universal authentication on the World Wide Web? Yes, its a great idea, probably way ahead of its time or just a bit too good to be true. Who will pay for it ? It would require first a standard, then a hardware product, then a willing user and supplier base. I'd sign up tomorrow, but how could you convince ISPs, on-line banks, web service and other information providers to jump on this so obvious bandwagon ? I dunno. Maybe if two- factor login became a reference or universal standard (the way username + password is today, which is also 2 factor btw), it could happen. But I tend to believe that heavily marketed, proprietary solutions are the only real options out there now. My bank gives me a smart card, a hardware, hand-held pwrd generator and a one time code to use every time I log in and I still worry.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/277/29143#29143