Difference between revisions of "Talk:Viewer Authentication Critique"
Matthew Dowd (talk | contribs) (Initial points) |
Matthew Dowd (talk | contribs) (→Cons) |
||
Line 30: | Line 30: | ||
=== Cons === | === Cons === | ||
* Inconvenient for those with alts | * Inconvenient for those with alts | ||
** Cumbersome to change alts and logon with multiple alts | |||
** Those with alts, often have a primary account which is used for forums and logged on permanently to forums even when the alt is online in SL | |||
* Inconvenient for those with multiple clients | * Inconvenient for those with multiple clients | ||
Revision as of 10:28, 29 September 2007
Security
Pros
- Viewer does not have to process (and "see") username and password
Cons
- Viewer still involves running trusted code on the computer and could initiate other attacks, e.g.:
  - Silently buy L$ and pass on to another account
  - Pass token on to bot, and drop the user's connection
- Potential for phishing websites to entice users to enter username and password and then pass control to SL website and viewer.
Alternatives
Flexibility
Pros
- Enables username/password authentication to work on third-party sites without them having to "see" username and password
Cons
Alternatives
- OpenID
- CardSpace
- Identity Metasystem
Persistence
Pros
Cons
- Inconvenient for those with alts
  - Cumbersome to change alts and log on with multiple alts
  - Those with alts often have a primary account which is used for forums and logged on permanently to forums even when the alt is online in SL
- Inconvenient for those with multiple clients
Alternatives
- Is this really needed?
--Matthew Dowd 11:27, 29 September 2007 (PDT)