This article originally appeared in TidBITS on 1995-05-29 at 12:00 p.m.
The permanent URL for this article is:
Include images: Off

PowerTalk to the Rescue?

by Adam C. Engst

I'm no fan of PowerTalk, but I've found the perfect use for part of the PowerTalk technology that could not only make the Web easier to use but could also give the Macintosh a notable advantage over other platforms. Basically, we need the PowerTalk Key Chain.

Why the PowerTalk Key Chain? After all, isn't it supposed to simplify the process of remembering usernames and passwords for AppleShare servers? Yes, and from what I hear from PowerTalk users in large organizations with hundreds of servers, the Key Chain is a necessary fact of life. No one can remember all those different usernames and passwords, especially if the passwords change frequently.

The reason I think the PowerTalk Key Chain could prove useful on the Web is that more and more sites now require authentication before they allow you to access the good stuff. This makes sense in the case of a site like InfoSeek - where you pay for an account to search commercial publications and databases - but is increasingly irritating in the case of a publication like HotWired, where it seems that they mostly want to know that you were there.

I have no idea how feasible this is for the developers of the Macintosh Web browsers to implement, but just imagine how much easier it would be to use these authenticated sites if, the first time you hit one in a session, you could enter your PowerTalk Key Chain password to get in. Then, all subsequent authentication requests from Web servers would use the appropriate username and password from your Key Chain.

I currently have nine separate usernames and passwords to track for different services on the Web, and although that's not a lot, it adds up fast when I add in the usernames and passwords for all my accounts on the commercial online services, Unix machines, Timbuktu Pro accounts, and so on. Since all of these accounts have different security requirements, I can't even use the same set of passwords, much less the same single password (and to do so would be a major security mistake anyway). Worse, since some of these Web services enable you to pick your userid and others require your email address or something similar, I don't have even have the same username for all of them. It's out of control and it'll only get worse.

The PowerTalk Key Chain could end to this mess, at least for Macintosh users. And, the Web browser that first implemented support for the PowerTalk Key Chain could gain a significant feature advantage over the rest, particularly for folks who use authenticated Web sites frequently. Of course, one major problem with this scenario is that PowerTalk hasn't been widely accepted (for generally good reasons), which doesn't endear developers to the idea of supporting it heavily.

When I asked several Macintosh Web developers about this possibility, the problem mentioned above was foremost for Netscape, which is considering automating the process, but not through PowerTalk. The NCSA Mosaic developers reportedly plan to address the problem by supporting a modular security framework being developed by Spyglass, the company that handles Enhanced Mosaic.

So, in the end, the PowerTalk Key Chain may not turn out to be the solution. But it may serve as the pointer to a solution since it does today for AppleShare servers what we can only hope becomes possible tomorrow for authenticated Web sites.