From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WW5i5-0004kz-Qq for bitcoin-development@lists.sourceforge.net; Fri, 04 Apr 2014 15:07:13 +0000 X-ACL-Warn: Received: from mail-ob0-f176.google.com ([209.85.214.176]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WW5i4-0005j6-I5 for bitcoin-development@lists.sourceforge.net; Fri, 04 Apr 2014 15:07:13 +0000 Received: by mail-ob0-f176.google.com with SMTP id wp18so3591795obc.21 for ; Fri, 04 Apr 2014 08:07:07 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-type; bh=dOozmKPWJoBcc6HncCk3a8k2bB90EPukP5kjTD5DFKo=; b=GrKQnBBLxSo1TfJ4ceSsNsqxLVNONQk5Ql94TRi9Pjvuiq3JR0c+pp/QwkMuwdGH2v 0153kVMx0pS8/nA3G4ZEAzrnzWZBIiTDliOqylCxUve7+30yYermXOIUOMnDjZtUrbfn 6treFsHM1KkMbZXhPbQZB8v7Xyspg4m4vwm4f7U2aKYdFuaHqVU91nslqsANm5h5ZuIg WNdWfKVLNVJCfL8qgBOHI9rpBkqS1FAJFOQ0WjSOR+jxWF/qn5ZoufN1doPINirDkIka G/vlF5Dz8D7kVoglBjlFWUgY0+0Zv9HmTN+TMlypih7p/SZA8BXOYlItq/pQJRWv8/iU VdUQ== X-Gm-Message-State: ALoCoQlEmP8OHsOctqZbxEIis5pp8E+fa7adtYa7xcUKF092IaCetdWLb0Y0422LJn21uXq+xPdJ X-Received: by 10.60.62.146 with SMTP id y18mr20063229oer.24.1396623639828; Fri, 04 Apr 2014 08:00:39 -0700 (PDT) MIME-Version: 1.0 Sender: marek@palatinus.cz Received: by 10.60.102.9 with HTTP; Fri, 4 Apr 2014 08:00:09 -0700 (PDT) In-Reply-To: References: From: slush Date: Fri, 4 Apr 2014 17:00:09 +0200 X-Google-Sender-Auth: ZKfZQKQcSwhezIIQbBdN_D1UpDY Message-ID: To: Mike Hearn Content-Type: multipart/alternative; boundary=047d7b6769e8eff56a04f638c7b0 X-Spam-Score: 1.0 (+) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (slush[at]centrum.cz) 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1WW5i4-0005j6-I5 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Draft BIP for seamless website authentication using Bitcoin address X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Apr 2014 15:07:14 -0000 --047d7b6769e8eff56a04f638c7b0 Content-Type: text/plain; charset=ISO-8859-1 On Fri, Apr 4, 2014 at 4:51 PM, Mike Hearn wrote: > > I don't want to suggest the problem is unimportant - I'd love it if the > world could move beyond passwords. But I have many scars from my time in > the Google account swamps. We had a big team, lots of resources and even > just getting people to use their phone as a second factor - *the simplest > second factor possible* - was a huge uphill battle that most users just > didn't care about. People like passwords. If you can find a way to make > something that's better than a password but just as convenient, fantastic! > But I don't think Bitcoin addresses are such a thing. > > With all respect to your experience, I think you're wrong, for one reason. 2fa auth doesn't *remove* the need of password. It actually *adds* yet another layer, which complicates stuff for average user. Common user, which is not paranoid enough (like me) simply don't think he has anything to hide, so they simply don't see why they should *complicate* their live with 2fa, backing up their phone etc. In the oposite, authentication based on bitcoin wallet could make the process much easier and remove the need of passwords at all, because people *already* care about safe storage of their coins. Marek --047d7b6769e8eff56a04f638c7b0 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

= On Fri, Apr 4, 2014 at 4:51 PM, Mike Hearn <mike@plan99.net> w= rote:
I don't want to suggest the problem is unimportant - I'd love it i= f the world could move beyond passwords. But I have many scars from my time= in the Google account swamps. We had a big team, lots of resources and eve= n just getting people to use their phone as a second factor - the simple= st second factor possible=A0- was a huge uphill battle that most users = just didn't care about. People like passwords. If you can find a way to= make something that's better than a password but just as convenient, f= antastic! But I don't think Bitcoin addresses are such a thing.


With all respect to your experience, I= think you're wrong, for one reason.

2fa auth = doesn't *remove* the need of password. It actually *adds* yet another l= ayer, which complicates stuff for average user. Common user, which is not p= aranoid enough (like me) simply don't think he has anything to hide, so= they simply don't see why they should *complicate* their live with 2fa= , backing up their phone etc.

In the oposite, authentication based on bitcoin wallet = could make the process much easier and remove the need of passwords at all,= because people *already* care about safe storage of their coins.

Marek
--047d7b6769e8eff56a04f638c7b0--