I am attending Digital ID World

… and just listened to Stratton Sclavos, CEO of Verisign, talk about OATH. I am all for affordable, strong authentication, something that the OATH initiative has the potential of solving.

I was very disappointed in Stratton claiming that One Time Password (OTP) solve phishing.

The only thing that OTP solves is that the phisher cannot replay the attack, they have to attack in realtime. A fake site can gather your pin and OTP and then present that to the real site and act as you. A fairly obvious attack. Shame on Verisign for promoting a broken solution.

Snap is a new search site that was unveiled here at Web2.0. A lot of meta data about search information is being provided. An interesting angle was their transparency.