A beautiful piece of writing by Schabse presents the history of Web authentication as a series of conversational gambits and ripostes between someone who wants to let users prove their identity online and someone who wants to impersonate those users. It's a great way to present a subject that's both esoteric and vital, and I've never seen it before.
Defender: Users will enter a username & password, and I will give them an authentication cookie for me to trust in the future.
Attacker: I will watch your network traffic and steal the passwords as they come down the wire.
Defender: I will change the
The Web Authentication Arms Race – A Tale of Two Security Experts [Slaks]
(via O'Reilly Radar)