I think it is a nice idea. I'd like to support the idea, but then I realize that I need to register for an
So what they're basically saying, since there is no common authentication platform on the web, we, the consumer, now have to memorize a plethora of passwords, and just to make life even more difficult, memorize all those pesky usernames as well.
I will admit, that having the username is 50% of the credentials required to gain access to a system, so they are trying to make it more secure by obfuscating the username too. Fair enough. The downside however is the mountain of confusion that is created with the people.
I read through the terms and conditions. They pass on most of the responsibility onto you, the consumer, which most of them always do. Unless you protect your username and password, they cannot guarantee the safety of your data. And if you don't use it at least every 18 months, they will close the account. So basically, if I don't get sick in at least 18 months and access my eHealth records, it will get closed. That's not a good way to keep my data.
What is the solution? Considering the $650 mil that the government spent on this thing, they could easily have issued everyone a
I'm really not surprised at the low uptake of the eHealth system. The government made it way too difficult to register, and maintain the user id system. We already have to do this with our internet banking, and various other services. Let's not introduce yet another one.
We still have a fair bit to go before technologies like the Yubikey and OpenID become more mainstream. In the meantime, let's keep pushing back until someone in government wakes up, and stops wasting money on crazy ideas.
I'm happy to announce, that I've released v.0.03 of my Auth::Yubikey_Webclient perl module. You can download this module from my
For those who don't know, the
v.0.03 is a somewhat significant upgrade for me. For one, I'm no longer dependent on the Digest::SHA module, but instead, upgraded to Digest::SHA1. You may ask why - that's no change at all??!! In fact, since I'm hosting my site with GoDaddy, I found that they do not offer Digest::SHA on their deluxe platform, but do in fact have Digest::SHA1. This was a quick change, as well as the ability to return the error code from Yubico in the event of a non-OK response.
I like WordPress.... Honest... You may argue that there are other tools better and greater, but you know, for what I want, it is perfect. I love the plugins. They've allowed me to tweak my installation exactly the way I want it.
I'm a big fan of security, and when I heard of the
In the past, I tried to get
So right now, I only have the openid plugin running. Henrik's Yubikey authentication and the Admin SSL plugin are both disabled, but I still have the strength in security. You may wonder why I've disabled Henrik's plugin and went to OpenID. I guess when you think about it, both openID and the Yubikey plugin will use the same Yubikey, so no harm in having 2 authentication methods... I wanted to extend the openid functionality to all my users too. Not everyone has a Yubikey, but almost everyone could get an openid.
The last plugin I want to mention is
All right, it's coffee time, then time to record my next episode of
I thought I'd give you a quick update.
My very first
My module's link has also been published on
Then, I found a neat
I'm liking this key more and more every day!
I've ordered my Yubikeys, and they arrived in the mail about 2 weeks ago. So let me give you a rundown of what the Yubikey is.
The Yubikey is a hardware device. It's a paper-thin USB "dongle", with a single button on it. When you plug the Yubikey into your PC, your machine will recognise it as a keyboard. That's right. The Yubikey looks like a keyboard to your computer. When you press the button on the Yubikey, a one-time password gets generated. The one I have on my computer at the moment has this nice big long password.
Ok, that looks like junk, but there's logic behind it. Here goes...
The code is not made into a perl module yet, this is still on the todo list (if you have experience with making perl modules, kindly contact me!). It has a dependency on the
There is a catch.. To use this procedure, you will need to have the AES key for your Yubikey. There are two ways to obtain it.
1) Email Yubico and ask them to send you the AES key. You will need to provide the OTP (one time password) from your Yubikey before they can release it.
2) Reset the AES key. Using the developer tool from the Yubico website, you can reset the AES key to anything you want. Be careful though - if you zap your AES key, you will not be able to use the Yubikey on Yubico's systems, thus the openid and forums etc will be inaccessible.
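
To show what the AES key is needed for, here is an added example (Python, not the author's Perl code and not Yubico's) of the checks a validator performs around the decryption step, following Yubico's published OTP layout: modhex decoding, splitting the public ID from the encrypted block, then CRC and replay checks on the decrypted token. The AES-128 decryption itself is left to a crypto library, so the OTP string, the token values and the function names below are constructed for illustration.

```python
import struct

MODHEX = "cbdefghijklnrtuv"   # modhex digit at index i stands for hex digit i
HEX = "0123456789abcdef"
CRC_OK_RESIDUE = 0xF0B8       # CRC-16 result over an intact 16-byte token

def modhex_decode(text):
    """Turn the keyboard-layout-safe modhex string into raw bytes."""
    if len(text) % 2 or set(text) - set(MODHEX):
        raise ValueError("not a modhex string")
    return bytes.fromhex(text.translate(str.maketrans(MODHEX, HEX)))

def split_otp(otp):
    """Last 32 modhex chars are the AES-128 block; the rest is the public ID."""
    otp = otp.strip().lower()
    if not 32 <= len(otp) <= 48:
        raise ValueError("unexpected OTP length")
    return otp[:-32], modhex_decode(otp[-32:])

def crc16(data):
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc

def parse_token(plain):
    """Parse the 16 bytes obtained by AES-decrypting the block."""
    if len(plain) != 16 or crc16(plain) != CRC_OK_RESIDUE:
        raise ValueError("bad CRC: wrong AES key or corrupted OTP")
    uid, use_ctr, ts_lo, ts_hi, sess_ctr, _rnd, _crc = struct.unpack("<6sHHBBHH", plain)
    return {"private_id": uid.hex(), "use_counter": use_ctr,
            "session_counter": sess_ctr, "timestamp": (ts_hi << 16) | ts_lo}

def is_fresh(token, last_seen):
    """Replay check: (use_counter, session_counter) must move strictly forward."""
    return (token["use_counter"], token["session_counter"]) > last_seen

def make_sample_token():
    """Constructed plaintext token standing in for a decrypted block."""
    body = struct.pack("<6sHHBBH", bytes.fromhex("010203040506"), 7, 0x1234, 1, 2, 0xBEEF)
    return body + struct.pack("<H", ~crc16(body) & 0xFFFF)

if __name__ == "__main__":
    public_id, block = split_otp("cccccccccccb" + "cbdefghijklnrtuv" * 2)  # constructed OTP
    print(public_id, block.hex())
    token = parse_token(make_sample_token())
    print(token, is_fresh(token, (7, 1)), is_fresh(token, (7, 2)))
```

A CRC failure after decryption is how a validator notices that the wrong AES key was used, which is why a key that has been reset no longer validates against a service still holding the old one.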
Watch this space.. I'm almost finished with my own Yubikey authentication server all in perl, using a mySQL database backend, as well as this exact same module for the heavy lifting.
I've placed my order... My
Here's the even cooler bit. Yubico has released some C & Java code for coding your own backend system. The kind folks at Yubico are helping me understand the protocol so that I can help you bring a perl version of the backend server.
Yubico also offers an
You may be familiar with