

Announcing TrustAuth for WordPress (formerly Foamicate) - romaimperator
http://trustauth.com

======
pronoiac
This uses browser plugins and public-key cryptography.

The technical details page[1] mentions some problems and workarounds. Some
more issues I see:

* How do you securely log in from an internet cafe?

* What if someone gets your private keys, and gets your password with a keylogger? This looks like "game over."

[1] <http://trustauth.com/technical_details>

~~~
romaimperator
* How do you securely log in from an internet cafe?

For this we're going to have to rely on SSL but the server does check that the
messages sent by itself and by the browser plugin are not modified in transit
and will prevent login if they were.

* What if someone gets your private keys, and gets your password with a keylogger? This looks like "game over."

Well the encryption key is derived using random salts that are in the database
so a keylogger alone won't work. Of course it would be trivial to create
software to steal the salts as well but if you're computer is infected with
malware TrustAuth is no worse than passwords.

