The nasty thing about identity theft is that victims are usually not aware of the perpetrated crime. At least not until the consequent damage becomes self-evident. And, of course, early detection can often avoid more serious outcomes.
authentication
User authentication and online password managers
Authentication is an essential part of any web application. But why are web service providers so secretive about their authentication protocols and procedures? Why are they not disclosing any information about how users’ credentials are communicated, verified and stored?
Clipperz Compact in your sidebar
UPDATE - Clipperz Compact also works smoothly in Opera’s panel.
Clipperz Compact is a stripped down version of Clipperz online password manager designed to be opened in the Firefox sidebar. Its purpose is to keep your collection of “direct logins” always at hand.
Extended validation SSL, a bad taste joke
Yesterday Microsoft officially announced Extended Validation SSL support in IE7 at the RSA show, but some of these new certificates already started appearing a few weeks ago. An Extended Validation certificate is just like a regular SSL certificate, but with stricter issuing criteria.
OpenID, before you get too excited
In recent months OpenID has definitely gained momentum. Everyone is running to provide support and integration. But what about OpenID phishing risks?
Interview with Tom Wu, inventor of the SRP protocol
At Clipperz we are huge fans of cryptography as a tool to empower users and protect freedom, therefore we are beholden to all the people who contributed to the development of this science.
Strong password anyone?
I find this idea from Ka-Ping Yee very compelling.
What if, instead of treating memorability as the constant and strength as the variable, we treat strength as the constant and memorability as the variable? Suppose we have the computer choose a completely random password, to guarantee good password entropy. The phrase-based technique shows that a phrase can be turned into a random-looking jumble of letters and numbers. With a sufficiently large word list and a basic knowledge of grammar, can a computer turn a truly random jumble of letters and numbers into a memorable phrase?
Pass.net, an email-based SSO
Kaliya, the Identity Woman, says that pass.net is “a new identity protocol”. To me it seems more a smart idea for implementing an effective single sign-on solution. With Pass.net the trick is to delegate identification and authentication to a third party: your email domain. Hence this SSO method is as secure as the mail server handling your email account.
Proposal: a reputation system for blog comments
UPDATE - We received lots of brilliant feedback about our proposal. A revised version is now available [here][98] with more “philosophical” background [here][99].
