Tag Archives: password

Twitter had no rate limit for failed authentication

Reading the Wired writeup on the Twitter password hack, I’m incredulous to read that there was no rate limiting on failed authentication. Given Twitter’s stringent rate limiting for API requests, this seems surprising. Not to mention that online password attacks are practically older than time. Fortunately,

As for addressing the security [...]

The difference between Clipperz and PassPack

Clipperz and PassPack are two web services that store your passwords for you and provide one (or two) click login to the sites whose passwords they keep. In doing so, these services hopefully encourage you to select strong passwords that you wouldn’t otherwise be able to remember and thus improve your overall security. [...]

Improving web authentication

You use passwords, possibly dozens of passwords, to authenticate to websites daily. Passwords are a useful authentication tool because they function as a “thing-you-know” (a shared secret between you and the server) and because passwords can be changed (in case of loss, unlike, say, your fingerprints).

In a diatribe against OpenID titled, “Goodbye, Passwords. [...]