The Firefox password manager vulnerability
Posted Dec 3, 2006 16:02 UTC (Sun) by k8to
In reply to: The Firefox password manager vulnerability
Parent article: The Firefox password manager vulnerability
I believe your parent is referring to the idea of having a password which is never set, but it is merely pre-arranged.
That is, a one-time password system where both parties can generate an unending linear set of passwords, so each password is generated by, and known to both parties in advance, but is only disclosed the once to authenticate. Traditional passwords become less secure as they are used. One-time passwords are discarded on use, so there is no lessening of security.
The downside of one-time passwords of course is they take even more effort than regular passwords, and at the rate at which passwords (ab)use is multiplying, I think neither is sustainable.
to post comments)