Chapter 14. Secure Identity
Poor authentication is the leitmotif of Internet insecurity: Alice is not sure she is really dealing with her bank, and the bank is not sure it is really dealing with Alice.
Reducing the probability that Alice will be tricked into giving her password to an attacker is good, but an authentication credential that Alice is unable to give away is better.
Today, we use passwords for practically every type of Internet transaction regardless of risk; whether we are reading an online newspaper or trading stock, and despite knowing that they provide terrible security and have significant hidden costs.
No end of new authentication technologies has been developed over the past 20 years: smartcards, smart tokens, fingerprint and iris ...