Talk:Viewer Authentication Critique

From Second Life Wiki
Revision as of 11:28, 29 September 2007 by Matthew Dowd (talk | contribs) (→‎Cons)
Jump to navigation Jump to search

Security

Pros

  • Viewer does not have to process (and "see") username and password

Cons

  • Viewer still involves running trusted code on the computer and could initiate other attacks e.g.
    • Silently buy L$ and pass onto another account
    • Pass token onto bot, and drop the users connection
  • Potential for phishing websites to entice users to enter username and password and then pass control to SL website and viewer.

Alternatives

Flexibility

Pros

  • Enables username/password authentication to work on third party sites without them having to "see" username and password

Cons

Alternatives

  • OpenID
  • CardSpace
  • Identity Metasystem

Persistence

Pros

Cons

  • Inconvenient for those with alts
    • Cumbersome to change alts and logon with multiple alts
    • Those with alts, often have a primary account which is used for forums and logged on permanently to forums even when the alt is online in SL
  • Inconvenient for those with multiple clients

Alternatives

  • Is this really needed?



--Matthew Dowd 11:27, 29 September 2007 (PDT)