[sword-devel] SSO for crosswire

Jonathan Marsden jmarsden at fastmail.fm
Thu Sep 3 08:41:09 MST 2009


David Haslam wrote:

> Even without SSO, Firefox users could adopt automatic login for all
> these services, and just maintain a strong master password on
> Firefox.

Shell access?  SVN access?  These, at least, are not likely to be done
from Firefox :)  And the point is more that the user should not have to
sign up N times, one per service, and then, every few months, change
their password(s) in N different places to keep things secure.

Even once per organization is "too many" for some folks these days,
hence the rise of OpenID.  But that's a whole different issue.

> For web services not involving monetary transactions, this is probably a
> good enough solution for many people, apart from anyone in a sensitive
> country, or who regularly make use of computers in public locations.

I'd say SSO is more about convenience then necessarily about security
(although when you change your pws and forget one or two of the N places
to change it, that becomes a security problem!).

Personally, I deliberately do not keep any passwords in Firefox.  For
anything.  On machines I use frequently, I turn that off in my FF
profile, so that it never asks me about remembering them.  I'm probably
not an average user :)

Jonathan




More information about the sword-devel mailing list