As an alternative to this checkout TozID. The premise of their authentication model is to avoid sending the password all together and use public key crypto to sign and verify requests between the client and the auth server.
It is an SSO platform with authentication based on client side cryptography that enables end-to-end encryption for applications. It supports SAML clients like other SSO platforms.
Browser crypto has come a long way. With libraries like libsodium and proper implementation I think it’s drastically better than at the time of those articles (2013 and 2011).
Source: we also write encryption libraries and have a free implementation of our browser sdk at https://share.labs.tozny.com
I agree w/ OP. Using cryptography for privacy and data control is a step in the right direction and needs some critical mass behind it for broader adoption.
Shameless plug - that is exactly what Tozny provides. An easy way to have end to end crypto with a sharing model that keeps data in control of the original writer.
Helping developers avoid the pitfalls of cryptography is the main problem we at Tozny (http://tozny.com) are trying to solve.
We found that there is so much mis-information available online it's too easy to shoot yourself in the foot with cryptography so we're trying to make tools that make strong crypto easy to implement.
Nice! Some services don't allow non-https URLs for the webhook even for development (slack...), so might be nice to support that. Let's Encrypt provides free SSL certs if you wanted to go that route.
https://tozny.com/tozid/