Why strong password protocols

• Cheaper/more convenient than smart cards

• Easier to do server authentication

  • don’t need “trust anchors”
  • browser UI isn’t very secure
    • users don’t check for tiny little lock
    • users don’t notice if URL makes sense
    • some browsers allow server to overwrite URL

Previous slide

Next slide

Back to first slide

View graphic version