**problem** The MAID is safely stored in the user's head, but a key logger on your own machine or the machine in a public space could easily capture your login data and give access to all your information.
This follows from the two lengthy threads ‘DOS attack’ and ‘proof of unique human’, so I thought it best to start a fresh topic.
**partial solution 1** the use of external ‘trustworthy devices’ to authenticate.
- Trezor (http://www.bitcointrezor.com) for the bitcoin wallet is interesting; but it would have to be redesigned specifically for SAFE, and should include at least some kind of PIN, or fingerprint to validate the proper user. (If not, by losing it your whole digital life can get stolen.)
- Nymi (http://www.getnymi.com) is another very interesting product, in particular for the Anonymous ID from SAFE. I didn’t like this project before (as it’s not open source) because I don’t want to be wearing a wireless dog tag that shouts continuously who I am. But MAYBE with an anonymous ID it could work: you still type in your MAID but the password is done through signing a challenge from the network with the private key (of a braceletMAID, not the main MAID) inside the bracelet?
**partial solution 2**: I still love voice print recognition

After logging in, you give a voice password, (some hash of which) should match the previously left voice password. So every time you log in, you speak two words: one of them is new, the other one should match the new one from last time. As I write this, I realise it’s pretty bad: the computer you use to log in can record your voice as easily as the keystrokes, so it has a 50% chance of replaying the right word :). This needs a better strategy!
Any ideas?
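
The challenge-signing idea from partial solution 1, as an added example that is not part of the original post and is not SAFE code: the network issues a fresh single-use challenge, the device signs it, and a login that was captured on the host fails when it is sent again. The `Network` type, `Demo` and the choice of Ed25519 are assumptions for illustration; the typed MAID and a host that misuses a live session are not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Network is a hypothetical verifier that holds only the bracelet's public key.
type Network struct {
	pub     ed25519.PublicKey
	pending map[string]bool // challenges issued and not yet consumed
}

// Challenge issues a fresh random nonce for one login attempt.
func (n *Network) Challenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	n.pending[string(c)] = true
	return c
}

// Verify consumes a pending challenge and checks the signature over it.
func (n *Network) Verify(challenge, sig []byte) error {
	if !n.pending[string(challenge)] {
		return errors.New("unknown or already used challenge")
	}
	delete(n.pending, string(challenge)) // single use, even on failure
	if !ed25519.Verify(n.pub, challenge, sig) {
		return errors.New("bad signature")
	}
	return nil
}

// Demo returns: first login accepted, replay rejected, old signature on a new challenge rejected.
func Demo() (bool, bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // priv stays inside the device
	net := &Network{pub: pub, pending: map[string]bool{}}
	c1 := net.Challenge()
	sig1 := ed25519.Sign(priv, c1) // signing happens on the bracelet, not the host
	ok := net.Verify(c1, sig1) == nil
	replay := net.Verify(c1, sig1) != nil // host logger resends what it recorded
	stale := net.Verify(net.Challenge(), sig1) != nil
	return ok, replay, stale
}

func main() { fmt.Println(Demo()) }
```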