rukov
Posted November 26, 2014

EasyAuth (EZA) is a proof-of-concept authentication system based on client SSL certificates that doesn't require users to remember any secrets. It's much easier on your users than the typical password and secret question systems. Ordinary people just can't create and remember random passwords for every site.

This system stops attackers who can find out or guess security questions or guess or brute-force passwords. These are the same kind of attacks that have worked again and again against many celebrities, website owners, and ordinary people.

Because EZA uses modern crypto, malicious websites with fake login pages that can steal passwords won't work. You can re-use the same certificate on all websites and unlike re-used passwords, even if one site got hacked or was malicious itself, you'll still be secure on the other sites. Or you can easily use different certificates to maintain anonymity.

This system even stops advanced attackers who can "man-in-the-middle" your connection and strip the encryption of other sites with fraudulent certificates. Hundreds of organizations can issue certificates and many have issued bad certificates before. This system doesn't rely on trusting any of those organizations, since it verifies your actual key!

This system supports two factor (or 3 factor or 4 factor or...) authentication that's stronger than even other multi-factor authentication systems. EZA has stronger account reset processes, using multiple devices and/or a printed or mailed reset code, not like the typical insecure account reset questions whose answers are all too easy to guess or find out.

EZA even supports smart cards for users that have them, for true multi-factor authentication and the highest level of security. EZA does not require any new hardware, and it is compatible with almost every browser and platform in use today.

Download https://github.com/scriptjunkie/EasyAuth/