I now have two key chain "tokens" made by RSA for use in signing on to secure web sites. It provides a new 6 digit number every minute which in concatenate with my pin/password to sign on. As far as I can tell, this system is one of the most secure forms of sign-on currently used on the internet. I also use an application called "VIP" on my IPOD which provides a similar capability for my USAA aaccount. Paypal & Ebay also provided me with a card that looks like a credit card but has a button that I push to get a new, unique 6-digit token key that I use to sign on with. I have a different app on my phone to generate a unique token for Google. My wife and I also have other banking, financial or other web sites that need to have very secure sign-ons. Most of those other sites use a combination of multiple passwords, and usually go through other special steps if I sign on using a different computer for the first time. Many of them require answers to challenge questions, such as mother's maiden name, first car, favorite singer, where I met my wife etc. None of those techniques are as secure as the "token" system. If all of these accounts used tokens, I would have to carry a ring of 10 or 20 tokens, or need to keep 10 or 20 different apps updated on our ipod and iphone.
I now have over 300 different web sites where I need log-on and passwords. Some are sites like Facebook, Myspace, Plaxo, utility accounts and e-mail accounts. Other accounts are subscriptions to newspapers, and magazines. I would like all of those sites to also be somewhat secure to protect my privacy. I believe the web sites would also like to have a secure connection to make sure that I am whom I say I am. I have been able to use a very good password manager to help me generate very complex, long passwords, and keep them straight. However these password managers don't work properly for all sites, and clearly don't work on web sites using the tokens.
One of the other problems is that the tokens are assigned to an account and not an individual. For example, when I sign on to an e-trade account, I must use a log-on and only one token. If my wife wants to sign on to the same account, she needs to use the token I have. If I have an account joint with my brother, I would need to use a different token. He would need to have that token to sign on. Instead, the token/password should be identified with an individual, not an account. That way when I sign on, I use my token. If my wife signs on, she uses her token.
I believe we need a more universal token that we can connect to any web site we want to. We could pay a small annual fee for that service.
I now have over 300 different web sites where I need log-on and passwords. Some are sites like Facebook, Myspace, Plaxo, utility accounts and e-mail accounts. Other accounts are subscriptions to newspapers, and magazines. I would like all of those sites to also be somewhat secure to protect my privacy. I believe the web sites would also like to have a secure connection to make sure that I am whom I say I am. I have been able to use a very good password manager to help me generate very complex, long passwords, and keep them straight. However these password managers don't work properly for all sites, and clearly don't work on web sites using the tokens.
One of the other problems is that the tokens are assigned to an account and not an individual. For example, when I sign on to an e-trade account, I must use a log-on and only one token. If my wife wants to sign on to the same account, she needs to use the token I have. If I have an account joint with my brother, I would need to use a different token. He would need to have that token to sign on. Instead, the token/password should be identified with an individual, not an account. That way when I sign on, I use my token. If my wife signs on, she uses her token.
I believe we need a more universal token that we can connect to any web site we want to. We could pay a small annual fee for that service.