h a l f b a k e r y
Go ahead. Stick a fork in it.
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
or get an account
This idea tackles the problem of online authentication and
tries to make it harder for bad guys to log in to your
Suppose there were a server-side "neighborhood watch"
protocol/service set up on popular sites like google.com
and yahoo.com. I could set my google account to REQUIRE
that I am logged in to my yahoo.com account before
allowing me (or anyone) to log in to google.com. In other
words, when set up correctly under this scheme, servers
would do a little "background check" among neighbors to
make sure you are who you say you are. The paranoid (and
some, rightfully so) could set up a chain of authentication-
-"N-website" authentication. In this example, in order to
login to yahoo.com, I have to also be logged in to, say,
amazon.com; in order to login to amazon.com, I have to
be logged in to some obscure little website that no one
would guess... therefore, google.com becomes the
strongest link at the end of a chain: a person would have
to first login to obscurelittlewebsite.com, followed by
amazon.com, followed by yahoo.com, before being
allowed to log in to google.com.
The protocol would be pretty simple--basically, a layer
around the authentication portion of each participating
website that allows other websites to ask "Is user xyz
currently logged in?" This, coupled with an additional
setting (call it the "neighborhood watch" setting), would do
the trick--a pointer to another account on another website.
The user would go to the "neighborhood watch" section and
fill out the address of the other website (e.g. yahoo.com)
and the user's account on that website.
||Very good idea. Obscurelittlewebsite.com does not exist, yet...
||What happens when the owner of Obscurelittlewebsite.com forgets to pay their annual renewal fee?