This is a good idea; but if your single computer is hack'd that is just as bad as if someone just got on your computer when you were just walking away and you were still logged in.
It makes identity and account problems just as problematic.
I actually like the auditing idea; however I think he goes a bit overboard about having GeoIP for every single login because I know many people log in from tons of different locations all the time.
Maybe a more simpler alternative would work; but it needs to be well thought out for sure.
IP checking's not necessarily going to help. If I get your passwords, I'm going to try them with every site I know about in a matter of seconds.
Public key crypto does seem to be a better solution - I've heard it proposed a number of times among security people now. And it has some nice features even when you assume that user computers are still vulnerable to attack.
• It seems to be a harder problem to hack all the users of a service than it is to hack the service itself
• If you abstract the public key stuff into the browser nothing would change in that regard. You can use different passwords packaged with your key. Personally I don't think it's worth the bother if you assume that people tend to use the same passwords but... whatever.
• You could do all the crypto on a token and use interface controllers to reduce your attack surface there.
The difficult bit, as far as I can tell at the moment, is that it requires people to know that there's a file they need to keep safe if they want to hang onto their accounts. I really think you'd need a physical token to get it down to the level that many people are capable of understanding, and then you'd better pray they don't lose it....
If we're gonna trend that way, we add complexity - and that's not going to get people to adopt.
> but if your single computer is hack'd that is just as bad as if someone just got on your computer when you were just walking away and you were still logged in.
Computer security usually starts out from the assumption that physical access to the machine == completely vulnerable, whether you were logged in or not.
You can always buy a hardware security token, which gets the key and never ever releases it away.
Hacked computer will mean, the attacker will be able to sign authorization requests (if they know the password for the token) just while they have access to your computer. Fix the security issues and you're safe again.
It makes identity and account problems just as problematic.
I actually like the auditing idea; however I think he goes a bit overboard about having GeoIP for every single login because I know many people log in from tons of different locations all the time.
Maybe a more simpler alternative would work; but it needs to be well thought out for sure.