« Back to blog
Posted

views
Upvote Upvoted 2
12 responses
Wow ! What's that Garry ?
Gregg
Gregg, from this post here: http://www.azarask.in/blog/post/identity-in-the-browser-firefox/

Garry, though the idea may sound sweet, two things:

1. It's not a new idea, they've been trying to store all password and identities and keys in one place for a long time, without success or security

2. No way in heck I'm letting my browser store any information I want to be secure.

It's always a balance between convenience and security, and this just seems to me to err too far to the convenience side.

natobasso
Have you seen OneLogin for Firefox? It's in testing: https://addons.mozilla.org/en-US/firefox/addon/50383
natobasso
Ok, I'm not ready to let ALL my connection datas in my browser, but for me it would be very cool to log one time and sign to all my social networks for example. The idea is good, but for targeted services only.
Gregg
"No way in heck I'm letting my browser store any information I want to be secure."

It's just like an OS. On your machine, if you have a mail client, you probably don't have it prompt you for a password. If you have a spreadsheet with financial information, you probably have it password protected.

I'd LOVE it if the browser gave me a PW prompt when I started it and defaulted to storing my auth info for all services (but obviously let me override for anything sensitive).

Can you imagine how utterly lame it would be if Mac OS tossed up a password prompt every time you booted up an app with an account (email, IM, skitch, evernote, etc)?

A visitor
I like the UI for that feature.
Brad Gessler
Tony, I think the browser and the OS are different beasts and can't really be compared 1:1. Sure, it would annoy me to have to enter a password all the time, Vista is an example of this, but the browser is the easiest piece of software to hack.

What I'd rather have is somewhere secure, online, that stores my basic personal data so I don't have to set it up agaiin every time I join a new service.

THAT'S something I'd be excited about.

natobasso
Technically speaking, browsers already track your identity using session cookies. All this UI would do is probably let websites like posterous set your username / photo and manage login/logout by telling the browser what the session cookie actually is.

The browser would probably manage password the same way it might today where it remembers the password for you.

I don't think there's anything particularly troubling about letting the browser handle this at all.

Garry Tan
I never let my browser store any of my passwords or any other data I enter into forms. As for cookies, I delete those every time I close my browser (yes, I am anal about my data, ha ha!)

Anyway, this is a neat idea, but it's not a new one.

natobasso
Ca fait quand meme bizarre, parce que je ne sais meme pas afficher les menus de catégories ni la home page. 
Tu dis que c'est complet ? ;) C'est la que la puissance du open source m'épate. 
Par contre le code doit être une usine à gaz
Gregg
2 visitors upvoted this post.