[Full-disclosure] OpenID. The future of authentication on the web?

[Larry Seltzer]

>>The correct solution, IMO, would be an encrypted password vault,
stored on a USB drive and only available through the use of a password
and some other form of identification (biometric, etc.) 

What about kiosks and other situations where it wouldn't be secure to
allow arbitrary people to insert USB keys? This vault requires a support
system of some kind; does there need to be software on the system to
read it? Do you trust that software?

This also presents the problem of when the user loses the key or if it
fails. They had better have a backup of it. A service doesn't have any
of these problems.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer at ziffdavisenterprise.com