
Net boffins plot password alternatives - gulbrandr
http://www.theregister.co.uk/2011/04/04/password_alternatives/
======
Andaith
Nothing is ever really going to solve man-in-the-middle attacks except end to
end encryption.

It has to be something agreed on by both parties, easy for the user to
remember, and if they use it in multiple places and it ends up compromised
they have all their eggs in one basket.

Other than that, I thought biometrics were a good idea. Retinal scans or
finger-print scans and the like. The data still needs to be sent over the
internet, so the encryption is a must.

Another thought, the machine the user is using is likely compromised as well.

Glad I'm not being paid to come up with a solution... it will be really
interesting to see what they come up with though.

------
JoachimSchipper
You can find the paper at <http://eprint.iacr.org/2011/172>. I haven't read it
yet, though.

