Kim Cameron, bless him, manages to interpret one of my most diabolical hungover bits of prose ever. I am totally with him on the problem of pharming, but the reality is that the average CardSpace user authenticated with nothing better than a password (when they logged into Windows). Furthermore, if you are going to achieve portability of credentials, then you can either do it in dreamland, where all users carry around their oh-so-totally-secure Bluetooth credential device, or you can do it in the real world, where credentials will be retrieved from an online store secured by a password. And yes, we’ll encourage people to make sure that’s a passphrase, and they don’t type it in in web cafes, and all that. And the corporate VPN types will use SAML and doohickeys with keypads. And maybe if they’re really smart the “online store” will actually be a USB stick and a backup split between a few of their best friends.

But we have a simple mission: protect that password.

If you believe the CardSpace UI can protect people’s credentials, then surely it can protect a password?

If it really can’t (that is, we cannot come up with UI that people will reliably identify and eschew all imitations), then how will we ever have a workable, scalable system that includes recovery of credentials after loss or destruction of their physical goods?

