> This is akin to saying "putting locks on my doors is
> inconvenient, so I won't bother .. to hell if I get robbed".
No, but it is akin to telling someone "every time you sign your signature
for an account, you have to do it differently, and evey time you use an
ATM, a new number will be give to you"
> The point is that future computing platforms are going to rely
> on non-reusable password technologies, and now is the time to
> educate users towards them.
Thats a very sweeping statement. On what foundation do you base your
belief? For belief it must be because I see no argument backing it up.
> I think you'll find that any future
> sysadmins are going to have to deal with these technologies,
> dissmissing them because of minor inconveniences isn't going to
> cut it when you're faced with cleaning up after your passwords
> have been compromised.
I wouldn't call it a technology, but a technique. Calling it a technology
implies that it is an advance on the existing state. I think you may be
putting the needs of the SysAdmin in front of the needs of the users.
Improving the integrity or maintainability of a system does not always
improve its usefulness as a tool. To use yet another analogy, its like
getting your car fixed and the mechanic telling you:
"We moved the engine onto the front seat. It makes it a lot easier to work
on it if its in the open. This way, if anything goes wrong we can get to
it straight away"
> I'm not going to argue further, because authentication _is_
> heading in the direction of these systems and if you haven't
> realised that, you're out of touch with the real world. While
> S/Key isn't "the only answer" it's well worth consideration.
I don't see a "well considered solution" as being one which requires you
to remember (or write down) a new password every time you log in for every
system you have an account on. God help anyone who looses a wallet, because
every wallet will contain the keys to all the information that you own.
A "well considered" system is one which has been discussed and argued about.
If this is the way systems are going, then I think arguing it *is* in
order. The users are part of the system, not external to it. They should
have some say in anything that has a direct impact on them, and not
ignored and treated like ignorant children.
Scott Hopwood email@example.com
'A monkey throws,
A spinning bone,
A silent spaceship'