Jump to content

piercedRichard

Level 1
  • Content Count

    1
  • Joined

  • Last visited

Community Reputation

0 Neutral

About piercedRichard

  1. I think that I agree with a lot of what is said here. Frankly, the user and password system is broken on the internet. We rely too much on them, and most people only have 2-3 passwords. We all know that, though. What would be good, in my point of view, is to have an optional 2FA solution using any of the following: SMSOATH-compatible service - Google account, for instance, since you offload the authentication to the third party, which already supports 2FA(kind of)2FA Hardware tokens - The kind that display a 6 to 10-digit code that you put in in addition to your password (sometimes at the end of the password or username). We buy the tokens either from you, or from another vendor (Like the c100 tokens from Feitian)Yubikey - Specifically the Neo, but maybe work with Yubikey to create a solution with a micro-USB connector, so you can plug it directly into your phone like a USB OTG cable. For mobile, maybe allow authentication via Bluetooth (i.e. You can log in to EN on your mobile app by username, password, and having a specific bluetooth device connected (since all are supposed to have unique MAC addresses). They can be spoofed, of course, but it's a bridge until we all have NFC. I would also like to see a built-in optional certificate-based encryption, compatible (on Windows) with smartcards / certificates. Make it so that we can have multiple certificates that will unlock the account's master key (which we don't know). All data would be encrypted with the account master key, and the master key private key would be encrypted with each certificate we have set up. The recent EN hack wasn't the end of the world, from what I have read. They didn't get into the database, but you never know what'll happen next time. Regardless of what they do, it would be really nice to see it happen soon, at bare minimum on the desktop side (even if it's not a full security fix, just to get the solution started and get our "feet" wet / purchase what we need for the final solution). Make it initially available to only paid members (so you can have people sign up for your awesome, cheap service), giving your more money to work on this
×
×
  • Create New...