The first is “tracability”, the second is “context and roles”.

Both arise from the “geek think” technical solution to human problem issue (which is where passwords originated from).

The saying “on the Internet nobody knows your a dog” makes the average person think they have the ability to be anonymous however in reality the Internet does not care if you are a dog or not only if you are a “good dog” or a “bad dog”.

But humans like cut jems have many sides to them and all give a different perspective.

Humans have many different aspects to them

1, proffesional
2, work
3, social
4, family
5, spouse

And many of us actualy keep these areas of our lives seperate out of self protection. Further we break these down into sub groups.

In Face to Face (F2F) off-line communications most of us automatical assume a “context” within which we have a “role” at the time. We give them names such as “proffesional manner”, “loving parent”, “devoted spouse”, etc.

If you use the wrong “role” in a given “context” you commit an error or “gaff”.

As humans we have a myriad of informal protocols to let others know they are commiting a gaff in a F2F context. Usually gaffs are mildly embarising fairly quickly resolved and forgoton, unless they are repeat offenders in which case they tend to be rejected by others in that context (it should be noted that “geeks” tend to have ASD and cannot see the contexts or respond to the subtal protocols).

One joy of the Internet is it “never forgets” and has a habit of “remembering” “inconveniant statments” and “embarising behaviour”.

Another is it is relativly easy to search so such “inconveniant statments” or “embarising behaviour” that are on-line are easy to find if they can be linked to an individual (traceability).

There are other issues with the Internet in that it has no notion of context or roles, and importantly it is not only “broadcast public” but permanently so. And as such there is no place to hide, not just currently but from your past as well.

We have all seen or heard people being interviewed on TV get asked about their past views. Often the snipet used is taken out of context and used as a “political tool”

A client certificate is a sure fire way to link even suposadly “anonymous” comment back to a persona.

Therefore we need not client or container certificates but role certificates, and the tools to handle them correctly.

Otherwise in just a few years certificates will be just as discredited as passwords are.

I think using a password manager here with a complex 20 char or 12 char mixture works best, and thats what me and my guys are using and suggesting to other people,

BTW tnx for the follow up.

Neither ones are particularly weak to dictionary attacks.

Take a peek at Hellman’s Time Memory Trade-off for more info.

My solution is, every entity should have a digital certificate assigned with himself, somewhere around, and have its counter-part in a token or on a secure space accessible everywhere, and access that storage with a password:D