

Ask HN: Could we improve password security by using a public/private key system? - joshaidan

Could we not improve password security by using a public / private key system, integrated in our web browsers?

For example, I give every website I log in to a public key. When I log in to the website, the website uses this public key to encrypt a secret message. My browser automatically reads the secret message, decrypts it with my private key, and then sends the message back to the website. If it's the correct message, it lets me in. This whole process would be integrated into the web browser making it transparent to the user.

Should the website get hacked, then all they have is my public key. Not much they can do with it. Is there a system already out there that already implements this system of authentication?
======
joshaidan
I guess one problem that occurs to me as I think about this, is how do you
move your private key around between browsers?

~~~
joshaidan
Maybe store the private key on your smartphone, and have the smartphone do the
actual decryption of the secret message so the key never leaves the phone.

------
nbpoole
Yes: SSH allows for password-less logins through the use of public/private key
pairs.

~~~
joshaidan
Yeah that's right. I want the same for websites. :)

------
wmf
Like SSL client certificates?
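
The login exchange described in the original post at the top of this thread, as an added example that is not part of any poster's comment: the site encrypts a fresh random secret to the stored public key, and only the holder of the private key can return it. The names `Site`, `answerChallenge` and `alice`, the choice of RSA-OAEP, and the single-use handling of the challenge are assumptions made for this sketch, which runs on Node.js.

```javascript
// Added example; Site, answerChallenge and "alice" are hypothetical names.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

class Site {
  constructor() {
    this.publicKeys = new Map(); // user -> public key: all a database breach exposes
    this.pending = new Map();    // user -> secret awaiting a response
  }
  register(user, publicKey) { this.publicKeys.set(user, publicKey); }
  issueChallenge(user) {
    const secret = crypto.randomBytes(32); // fresh and unpredictable per login
    this.pending.set(user, secret);
    return crypto.publicEncrypt({ key: this.publicKeys.get(user), ...OAEP }, secret);
  }
  verify(user, response) {
    const secret = this.pending.get(user);
    this.pending.delete(user); // single use, so a captured response cannot be replayed
    if (!secret || !Buffer.isBuffer(response) || response.length !== secret.length) return false;
    return crypto.timingSafeEqual(secret, response); // constant-time comparison
  }
}

// Browser side: decrypt the challenge with the private key that never leaves the client.
function answerChallenge(privateKey, ciphertext) {
  try {
    return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext);
  } catch {
    return null; // wrong key or tampered ciphertext
  }
}

function demo() {
  const site = new Site();
  const user = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  site.register('alice', user.publicKey);

  const response = answerChallenge(user.privateKey, site.issueChallenge('alice'));
  const ok = site.verify('alice', response);     // legitimate login
  const replay = site.verify('alice', response); // same response sent again
  const challenge = site.issueChallenge('alice');
  const wrongKey = site.verify('alice', answerChallenge(other.privateKey, challenge));
  return { ok, replay, wrongKey };
}
```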

