Web 2.0 Security & Privacy
When I submitted my last article to reddit, a user suggested an interesting paper from the Web 2.0 Security & Privacy Conference 2008, namely the <input type="password"> must die! paper, which suggests new methodologies for user authentication. I have already mentioned password insecurities (if we may call them so) a couple of times, here and here, without necessarily suggesting a replacement for them.
This new methodology is slightly different from OpenID because it proposes implementation directly in the browser. Such an implementation would be highly welcome, but it is unlikely to be found natively in current browsers or in those soon to come. Another interesting paper I've read was Web Authentication by Email Address, which takes the OpenID concept and brings it closer to the user, because a user is more accustomed to using an email address as an identifier than a URL.
For more papers from the W2SP conference check out the 2007 or the 2008 papers.

