Why is the implementation in C#? We are talking websites, right? Shouldn't it be written in JavaScript?
Are people supposed to run a separate application and copy/paste the responses into the browser?
A person enters their username/password on the web page, then hits submit. The browser sits there for a while, showing "Computing PKI Key Pair. Please Wait..." And what about mobile?
I think tech and expected UX by the masses have outstripped what has been designed here.
The base tech and reasoning sounds good, but little thought has been done on the barrier to entry issue. This issue is going to be the user experience. Is it going to take 30 seconds to login to a website from your phone/tablet?
And then there are the people that turn off JS for security reasons...

BTW, I remember this whole discussion from last year.
https://lists.lopsa.org/pipermail/tech/2014-March/016206.html

On 09/20/15 14:46, Edward Ned Harvey (lopser) wrote:
Pete, you wrote a lot. Thanks for reading and paying attention, but there were a lot of things you're off about, I'm definitely not going to respond to them all unless you want to clarify some questions that you actually want answered - I think the message, in everything I've written, has been clear: It is ok to reuse passwords at different sites, as long as the passwords are never exposed to servers. Unfortunately that's not the way most things are nowadays. CBCrypt is what we're putting forward as the solution.
--
Mr. Flibble
King of the Potato People
http://www.linkedin.com/in/RobertLanning