On Jun 7, 2012, at 19:24, Randy Bush wrote:

> this is a feature, not a bug.  you should be explaining to them why they
> should never type passwords on another's keyboard, log on to anything
> from an internet cafe, ...

And this is where you lose the user.  It doesn't matter that you're entirely 
right about the security risks of doing so, but real-world security is all 
about finding a balance with usability.

Situations where the data really does need to be secure are great for mandating 
public key authentication; as you point out, it raises a significant technical 
barrier to the unskilled user, preventing them from even attempting to access it 
from anywhere they shouldn't.  That said, I doubt anyone but the most insane of 
security geeks is using it for their personal email.  If the value to the 
person of being able to access their data from $random_computer exceeds the 
perceived risk, they'll do it if they can.

---
Sean Harlow
s...@seanharlow.info

