[cryptography] more oneid stuff 2-factor when smartphone offline scenarios (Re: replacing passwords with keys is not so hard (Re: PBKDF2 + current GPU or ASIC farms = game over for passwords))

Jonathan Thornburg jthorn at astro.indiana.edu
Tue Oct 1 20:00:23 EDT 2013

On Tue, 1 Oct 2013, Adam Back wrote:
> The point is rather to switch to keys.  Check out oneid.com.  [[...]]
> Its easy to use, just read the transaction confirmation on your smart phone
> and click a button, thats the user experience.  [[...]]

>How do I use this if I'm somewhere with no cellphone reception?

The use case I was raising is where I have internet access (whether
wired or wifi is immaterial) but no cellphone reception.  This occurs
in some rural areas, and in hilly areas in some cities.

It would be interesting to know how common this situation is.  I.e.
what percent of the valid logins to <online service> occur at a place
and time where the user doesn't have cellphone reception?  Have there
been any (well-done) surveys to estimate this?


-- "Jonathan Thornburg [remove -animal to reply]" <jthorn at astro.indiana-zebra.edu>
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "There was of course no way of knowing whether you were being watched
    at any given moment.  How often, or on what system, the Thought Police
    plugged in on any individual wire was guesswork.  It was even conceivable
    that they watched everybody all the time."  -- George Orwell, "1984"

More information about the cryptography mailing list