
— The RISC OS Authentication Service —

Frequently Asked Questions (Security)


Security

What should this service be used for?

While it remains an experimental service we recommend that it is used only in conjunction with:

What should this service not be used for?

Anything where a breach of security or a loss of availability could cause serious harm. In particular, you should not use it for:

  • anything involving money;
  • anything involving sensitive personal information; or
  • anything that is safety-critical.

Who would I be trusting if I were to use this service?

Initially Dr Graham D Shaw (author of the RISC OS Toolkit, RiscPkg, and various lesser works) … however, if the service is to be made technically and administratively robust then it will almost certainly be necessary to involve others in its operation. If and when this changes, the information will be published.

Why should I trust you with my password?

Because it is an arbitrary string of letters, digits and symbols which is not used for any other purpose.

(Or at least, it ought to be.)

Why should I trust you with my identity?

For anything of substantial value you should not. Even if you happen to trust my intentions and competence, the service as it is currently implemented lacks the physical security measures that would be necessary before it could be recommended for such use.

For the limited purposes for which the service is intended, the time and effort I have committed to RISC OS software development should provide some evidence that my motives are constructive rather than destructive. You will have to decide for yourself whether that evidence is sufficient.

What protection do you provide against phishing?

At present, none. This is high on the list of functionality to be added (and its absence is the main reason why authentication with third-party websites is not recommended at this time).

Is there any support for authentication without passwords?

Not at present; however, this possibility is being investigated.