How do you solve multi-device login? Also, that seems to require JS, which may or may not be a problem.

first of all, it doesn't have to be mandatory. classic auth via user/pw entry could still co-exist.

multi-device auth is possible too: each device could generate a client cert. the authenticator would have to be able to link multiple certs to a user account.

If you can use a password to generate/link a new certificate, wouldn't that mean the weakest link is again the password? Sorry if I am misunderstanding, it's a very interesting topic but I'm not sure I get it :)

it depends on how it gets implemented. if you decide that classic user/pw auth should co-exist it is of course still the "weakest link". sharing certificates across devices is also possible. OS X Mavericks supports this natively with the new iCloud Keychain. although that might not be what you want, security-wise.
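The per-device linking described above, plus the password-gated enrollment that keeps the password as the weakest link, as an added Go sketch (my own example, not from any commenter): Ed25519 device keys stand in for client certs, the `Authenticator`, `Account`, `Fingerprint` and `EnrollDevice` names are hypothetical, and the plain SHA-256 password "hash" is a constructed stand-in.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
)

type Account struct {
	PasswordHash [32]byte                     // constructed stand-in: a real system uses a slow, salted password hash
	Devices      map[string]ed25519.PublicKey // linked device keys, indexed by fingerprint
}

// Authenticator is the server-side registry; classic user/password auth still co-exists.
type Authenticator map[string]*Account

// Fingerprint identifies a device key (constructed scheme: the raw 32-byte public key as hex).
func Fingerprint(pub ed25519.PublicKey) string { return hex.EncodeToString(pub) }

func (a Authenticator) CreateAccount(user, password string) {
	a[user] = &Account{sha256.Sum256([]byte(password)), map[string]ed25519.PublicKey{}}
}

// EnrollDevice links a device-generated key to the account; the existing password gates it, so the password stays the weakest link.
func (a Authenticator) EnrollDevice(user, password string, pub ed25519.PublicKey) bool {
	acct, ok := a[user]
	want := sha256.Sum256([]byte(password))
	if !ok || subtle.ConstantTimeCompare(want[:], acct.PasswordHash[:]) != 1 {
		return false
	}
	acct.Devices[Fingerprint(pub)] = pub
	return true
}

// VerifyDevice: the fingerprint selects one linked key; a valid signature over a fresh server-chosen nonce proves possession.
func (a Authenticator) VerifyDevice(user, fp string, nonce, sig []byte) bool {
	acct, ok := a[user]
	if !ok {
		return false
	}
	pub, ok := acct.Devices[fp]
	return ok && ed25519.Verify(pub, nonce, sig)
}

// RevokeDevice unlinks one lost or retired device without affecting the others.
func (a Authenticator) RevokeDevice(user, fp string) {
	if acct, ok := a[user]; ok {
		delete(acct.Devices, fp)
	}
}
```

In a real deployment the nonce is generated per login attempt by the server, and revocation of a lost device is the operational payoff of keeping one key per device rather than sharing a certificate across devices.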

There's an issue with switching between using a password and a certificate: the password will end up being forgotten. You can probably solve this with email resets, but it's worth thinking about.