Sorry for breaking the thread already, wasn't subscribed to this before. IMO there is a lot of work to be done before deprecating passwords. Right now this seems more than a little half-baked: 1) There should most definitely be SSO support for syncupdates. Webupdates, I'm sure, is fine for some but to me it's the most awkward and time-consuming way to make any db change. As far as email is concerned, deprecate that for all I care. I have never used that method in 15 years. 2) There are many issues with using PGP. As someone who makes DB changes for up to 5 LIRs at a time and who does not have a desk with a PC from which all work is done, what am I supposed to do? (On a side note, SSO has made that job so very much easier. If it can be used to authenticate mntners, by all means, please make that possible!) -Use the same privkey for all mntners? Hardly. -put all the privkeys on a USB stick? What if that is lost or stolen? All mntners are now compromised and have to be changed. Hopefully there is a copy of each privkey in some secure location... So, I wouldn't deprecate passwords until there is another option that is as flexible as a simple password. rgds, Sascha Luck