] I'm not sure SSL is really all that useful. It would prevent
] people from stealing your password over the wire, but I don't
] think most of these attacks are sniffing related. It would
] also allow you to authenticate that you are entering your
] password on my site, but I think most people who would fall
] for a phoney login would still fall for it. I'll bet if you
] offered it for a small fee few would buy.
SSL takes the ability to use proxies out of the equation.. Most (read: almost all) open proxies out there do not relay SSL. Hence, it raises the bar for the work needed to distribute an attack across hosts.
SSL would only secure the login process, cookie replay could still be accomplished. You can do some skey like shit with cookies, but hijacked sessions are not the problem big problem. The big problem is someone being able to maintain crazy numbers of sessions, without us knowing. That's how you would manipulate a system, and cause some real havoc.
] People get into your account because they guess your password,
] or because you leave yourself logged in and then your friends
] come over and use your computer, or because you use the same
] password all over the place. There isn't much that I can do
] about these attacks as a site manager. I need YOU to use
] client certificates to login to my site, and you need to keep
] your certificate on a smart card or ibutton that stays on
] your person.
Again, I don't think this is the "big problem". Harmful trolls and spammers are going to be the problem. Remember the discussion on Everything In Moderation driven by the Slashdot troll? Those are the dudes I'm worried about..
Those are going to be our terrorists.. One of them can do soooo much damage, and their attacks are hard to profile, predict, and defend against while not getting in the way of users. I'm dreading the arms race..
] Is anyone using technology like this? Would you want to use it
] to access MemeStreams if it was available? What do you think?
In general, I use the hardest authentication that makes sense and doesn't get in my way. I figure we will support SSL for logins, and soon.. Why not? I'd prefer to enforce it, as every browser from lynx on up supports SSL these days. Make life for the "terrorists" that much harder, and at least the users who use the same password everywhere are a little less at risk of having all their other accounts owned if someone happens to be pw sniffing them logging on us. Network Effects.
However, it must be remembered that at the heart of most security problems is something biological. The user on the other end is the weakest link, and as you said, its on them to have an idea of what risk they are at and to protect themselves.
Obviously as sysops we will do our best to make user's aware of risks, but we can't really do much.. If someone targets a user, and wants to break into their account, the methods used are going to be focused on the user, not us.