> PM> Some browsers even support "cookie files" or whatever they may be
> PM> called and handle this authentication procedure completely in the
> PM> background (i.e. without bothering the user at all).
>
> This I don't get. If you don't do some part of the process via email
> (since that's the only way to prevent address faking) how can you be
> secure? You have to bother the user, although you could require them to
> enter their key only once and stuff it in a cookie so they don't have to do
> it again. (I think; keep in mind that I don't do web things much.)
Yes, this is exactly what I meant, and how I've seen this done... I
think it's a good procedure, because they need to enter or copy&paste
their key only once. It's much easier to get a computer-illiterate
person to do something correctly once, than to get him or her to do it
correctly always.
-- Norbert.
References:
|
|
