By identity on Apr 29, 2009
Yesterday, I participated in a somewhat spirited discussion with colleagues about the pros and cons of using certificates in mobile devices to provide better security than common username/password techniques. Getting away from typing passwords on a cell phone would be very helpful. The main thing I really like about the method Henry described is the ease in selecting different certificates, which may represent different personas for a user. Being able to increase security and ease-of-use at the same time is encouraging.
However, I think we need to overcome some other key hurdles to bring this method into the mainstream. Some issues include:
- How will certificates be distributed and installed, especially for people who are not technology savvy?
- What methods will be used to verify that certificates match a person's real identity?
- What will it take to get a critical mass of online sites to adopt this method of authentication?
- What happens if the phone is lost or stolen?
It will be interesting to see how these and other relevant issues are resolved.