Identity Management

Aza Raskin describes here something that I have wanted for years. In short, Aza is proposing is a tightly-integrated-to-the-browser combination of two existing (and possibly abandoned) services: Sxipper, a form filler, and Clipperz, a password manager. It is great that somebody else is talking about it. However, I never did solve the problems I could come up with surrounding the solution. There may not be an elegant technical solution, but maybe there is something that is Good Enough™.

Problem 1: If the user does not know their passwords, they must be available to them at all times.

This is a deceptively difficult problem. Possible solutions include:

  • Telling the user that, actually, you don’t need the ability to log in to whatever website at any times.
  • Export a dead-tree version for away-from-your-primary-computer use. I can see this gold mine of information being misplaced at the most inopportune time. And it would suck to have to type in your secure 28 digit password: Re30t$%^qB…
  • Store the information encrypted in the cloud and decrypt it locally when you need it. We’ll move forward with this as a “solution” to problem one, but there are a number of flaws with it.

Problem 2: Tying the functionality into the browser core could turn any remote browser exploit into a springboard for TOTAL identity theft.

There is no solution to this. Stringent sandboxing can help protect against this but that doesn’t reduce the probability of this occurring to zero, just very small.

Problem 3: I must 110% trust the server in the cloud on which I am storing my information to both keep it private and not lose it.

There is no solution to this, software and people are imperfect. One bad apple employee is all it takes to ruin a good thing. Most users don’t perform adequate local backups even if they are done automatically. Many businesses are probably in the same boat. Bad/no backups and everybody gets locked out of all of their accounts. Not a fun day for the internets.

Problem 4: The attack surface area is HUGE (AKA your typical internet security concerns).

There is no solution to this problem. Servers, Server Applications, Internet Architecture, Operating System, Browser, Browser Plugins, and/or the idiot sitting in front of the computer are possible attack vectors. A hole in any one of these could lead to the inadvertent sharing of all of a single person’s information or all information on the central server. Two negative news stories later and nobody will ever trust it again.

Problem 5: That really freakin’ big red target that appears whenever everybody puts all of their eggs in one basket.

There is no solution to this problem. Given enough motivation (and I’d say there would be enough) it only takes one bug.

Problem 6: It sets up websites for a massive username land-grab.

Users will be more easily able to script sign-ups and register for sites that they never intend to use.

Conclusion

This is not to say that I don’t still think it is a good idea, but I do believe there is some serious thought that yet needs to be put into this.