[Full-disclosure] OpenID. The future of authentication on the web?
Pedro Hugo
fractalg at highspeedweb.net
Mon Mar 24 11:16:40 GMT 2008
>>>The correct solution, IMO, would be an encrypted password vault,
> stored on a USB drive and only available through the use of a password
> and some other form of identification (biometric, etc.)
>
> What about kiosks and other situations where it wouldn't be secure to
> allow arbitrary people to insert USB keys? This vault requires a support
> system of some kind; does there need to be software on the system to
> read it? Do you trust that software?
>
And even encryption solutions have their problems, as the key recovery from
RAM paper has shown...
If we use public/private keys with SSH, why not use them with more services,
like web ones? :)
Key owners would have the responsibility to manage their keys (password
recovery procedures substituted by key procedures) and their passwords...
Of course it would take a long time to deploy and teach the general public
about it, but isn't that what security pros have been trying to do for a long
time?
Full-Disclosure is hosted and sponsored by Secunia.