Ask HN: Could we improve password security by using a public/private key system?
1 point by joshaidan on June 20, 2011 | 5 comments
Could we not improve password security by using a public / private key system, integrated in our web browsers?

For example, I give every website I log in to a public key. When I log in to the website, the website uses this public key to encrypt a secret message. My browser automatically reads the secret message, decrypts it with my private key, and then sends the message back to the website. If it's the correct message, it lets me in. This whole process would be integrated into the web browser, making it transparent to the user.

Should the website get hacked, then all they have is my public key. Not much they can do with it. Is there a system already out there that already implements this system of authentication?



I guess one problem that occurs to me as I think about this, is how do you move your private key around between browsers?


Maybe store the private key on your smartphone, and have the smartphone do the actual decryption of the secret message so the key never leaves the phone.


Yes: SSH allows for password-less logins through the use of public/private key pairs.


Yeah that's right. I want the same for websites. :)


Like SSL client certificates?
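
The login exchange described in the original post, sketched as an added example that is not part of the thread. Node.js `crypto` with RSA-OAEP stands in for the browser integration, and the `Site` class, `browserAnswer` function and the `alice` account are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed sample key pair; the private half stays with the browser.
function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

class Site {
  constructor() {
    this.publicKeys = new Map(); // user -> public key (all a breach would expose)
    this.pending = new Map();    // user -> secret awaiting an answer
  }
  register(user, publicKey) { this.publicKeys.set(user, publicKey); }

  // Step 1: pick a fresh random secret and encrypt it to the user's public key.
  challenge(user) {
    const secret = crypto.randomBytes(32);
    this.pending.set(user, secret);
    return crypto.publicEncrypt(
      { key: this.publicKeys.get(user), oaepHash: 'sha256' }, secret);
  }

  // Step 3: accept only the exact secret, once, compared in constant time.
  verify(user, answer) {
    const secret = this.pending.get(user);
    this.pending.delete(user); // single use, so a captured answer cannot be replayed
    return Boolean(secret) && answer.length === secret.length &&
      crypto.timingSafeEqual(answer, secret);
  }
}

// Step 2: the browser decrypts the challenge with the private key it never shares.
function browserAnswer(privateKey, encrypted) {
  return crypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, encrypted);
}

function demo() {
  const site = new Site();
  const user = newKeyPair();
  site.register('alice', user.publicKey);

  const answer = browserAnswer(user.privateKey, site.challenge('alice'));
  const loginOk = site.verify('alice', answer);
  const replayOk = site.verify('alice', answer); // same answer, no pending challenge

  // With only the stored public key the challenge cannot be decrypted.
  site.challenge('alice');
  const guessOk = site.verify('alice', crypto.randomBytes(32));
  return { loginOk, replayOk, guessOk };
}
```

The site never stores anything that can answer its own challenge, which is the property the post is after; the fresh random secret per login is what keeps an old answer from being reused.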



