[Freedombox-discuss] Identity UI
On Sat, 2012-06-23 at 10:27 +0200, Michiel de Jong wrote:
> On Sat, Jun 23, 2012 at 7:23 AM, Nick M. Daly <nick.m.daly at gmail.com> wrote:
> > So, identity is pretty fundamental to this project. Without identity,
> > privacy is a meaningless concept.
> good point!
> > The FreedomBox identifies a person or
> > group of people through their keys.
> IIUC, that seems to be design choice aimed at power users. You access
> your freedombox from either your laptop, or your phone, or an internet
> cafe, right? That means that you need to configure the key on your
> laptop, then configure it on your phone, and then export it onto a usb
> stick, then put the usb stick in your wallet, take it with you on
> holidays, not lose it, take it into the internet cafe, stick it into
> the computer there, and know how to use it to install use your key on
> this computer at the internet cafe.
> actually, power users probably don't even use internet cafes. my point
> is, in general, people want the device they use to get to their
> freedombox, to be stateless. if there is a key involved, then that's
> not stateless. All people can remember is their email address and
> their password. Should we design for these people? Should we teach
> these people new behaviour?
You should probably at least think of using an OTP.
It is easily available, relatively easy to set up, and you can use it
with a softtoken on your laptop/phone.
Mere passwords are easier to steal.
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>