Rlemaster

I would like to propose using Public/Private Key pairs for secure web authentication. This functionality would work similar to the functionality in SSH that allows a user to generate a public/private key pair, store the public key on the server, and then authenticate using these keys instead of passwords.

This would require the browser to be able to generate keys and store them in the browser like SSH clients do. The keys would be secured with a password like Firefox already does, and would be transportable, so they could be stored on a USB stick and/or installed on different browsers (eg; home, work, mobile).

The server would also need to have the ability to store public keys in a database for users and authenticate users using this mechanism.

This functionality would be used primarily for sites that deal with money, like your bank's web site, Ebay, Paypal, etc. I think this method is preferable over using one-time passwords and tokens that are easy to lose and are not transferable between sites.