Andy Ellis
Podcast Appearances
Maybe they also have a desktop.
That's a good point.
If you are not validating a machine credential, like we did this at Akamai, I don't even want to think about how many years ago now, but it was a lot where literally we put an X.509 certificate on every device and it had the name of the person in the certificate.
So it had your username.
So the first thing that would happen when you tried to connect is the device authenticated and said, hey, this is Andy Ellis's computer is trying to connect.
Then I could do an out of a channel, push it off to Andy to say, hey, is that really you?
This is phish-proof.
Like you cannot get me to authenticate until my computer has already authenticated itself.
So my password is useless.
And that's the world we need to be in to say, first we'll trust the computer, then we'll trust the human.
Yes.
Right.
There's two different things here, right?
So one is there's a couple industries where this is not true, where people do, in fact, use different computers.
Healthcare is certainly one of them.
Like a doctor with visiting privileges may need to log in to a system at that hospital that's not usually theirs.
But that's a weird one.
But I think what Daniel just pointed out, a really interesting thing, and what I would encourage everybody to do is think about that use case of the user who wants to use their home computer.
I think you only have two reasonable choices.