

Internet Giants Launch New System to Fix the Password Problem - techinsidr
http://www.securityweek.com/paypal-lenovo-alliance-launches-new-system-fix-password-problem

======
chayesfss
What we have isn't a password problem, it's an identity validation and
authorization problem that's exaggerated because there's no cheap, easy way to
perform 2-factor authentication. Last month Vint Cerf, Vice President and
Chief Internet Evangelist over at Google did a terrific presentation which is
hosted online at
[http://www.kaltura.com/index.php/extwidget/openGraph/wid/1_1...](http://www.kaltura.com/index.php/extwidget/openGraph/wid/1_1zv56fqf)
basically discussing the problems if identification and authorization. It gets
very good at the 18:30 minute mark. I know Google has done a lot to streamline
stronger authentication as has SecureAuth and I think we'll only see more
changes when projects like the FCCX come online. The stuff these companies are
trying to do seem stale and to be honest kind of worthless. On top of this I
don't consider Lenovo an internet giant and I'm not the only one that's been
burned to the point that I've killed off my account with PayPal. Now if Amazon
and Google started working together with companies like Ping, Janrain and
SecureAuth, then we'd see something that would be very exciting.

------
trebor
By making the devices the central source of proving identity you'd create a
new problem: theft of a device would become theft of identity. They could
"prove" that they were you because they had your device.

How is this more secure?

~~~
JoeAltmaier
It doesn't solve the $12 wrench security-breach, no. But when you keep your
self physically secure, your identity remains physically secure. That's
something.

~~~
trebor
Then in this case the criminal wins. It's easy for a law abiding citizen to be
pick-pocketed or robbed at gunpoint, and for the criminal to get away for long
enough to cause havoc.

