TeamSpeak 2 (and many other systems) use a username/password based authentication system. Each user is identified by a unique username but must also supply the correct password to be able to claim the username and permissions associated with it. TeamSpeak 3 uses a public/private key authentication system. It basically creates an "identity" file on its first start-up which contains a public and a private key, when connecting to a server it sends the public key and proves through a cryptographic protocol that it also must have the matching private key (without actually sending the private key). If you are having problems understanding this concept think of the public key as a randomly generated user name (which is guaranteed to be unique in the whole world due to its length), and the private key as kind of password but wrapped in some clever math to avoid to ever having to send the actual private key to the server.
+ Since you pick username and password you hopefully will be able to memorize this data. This allows you to access your account from anywhere in the world, using the information stored in your head to pass authentication and hence gain access to your privileges.
+ Username/password authentication is the most used authentication scheme out there so users should have an easier time understanding the concept.
+ Since username/password authentication is the most used authentication scheme out there it might be easier to integrate existing user bases that already use username/password authentication into TeamSpeak. Here is a thread explaining how to do it with TS3: http://forum.teamspeak.com/showthread.php?t=56435
- Passwords chosen are often weak and/or used in other places. One compromised password of a server admin is usually enough to totally ruin the gaming experience of all members of the affected TeamSpeak server for a couple of days, not even talking about wasting our time with "omg we have been h4xx0red!!!1!!1!" threads. This issue is especially true for TeamSpeak (opposed to other username/password systems out there because):
- It's "just for gaming", many people don't give a second thought about chosing a good password or chosing one you didn't use on ten shady websites already.
- Many users of TeamSpeak are still very young and might not have thought about the topic of password security
Public/Private Key Authentication
+ Since public and private key are generated randomly (and are much longer than the usual username or password) they are virtually impossible to get at, they contain no pattern that can be exploited and the length prohibits any brute force attack (try all possible keys). Even eaves dropping onto a client as he connects to a server (man in the middle attack) will NOT gain you any insight.
+As there is no need to manually pick a username and password the whole registration step of username/password based systems is no longer necessary. This makes the system easier and more intuitive to use as you just connect and the server automatically recognizes you.
- If you want to use your account from a different computer or after reinstalling your computer you cannot use your head only to authenticate (nobody remembers public+private key), so you need to remember to export your identity and bring it along.
TeamSpeak 3 uses state of the art cryptography for authentication, making a huge leap security wise as compared with TeamSpeak 2. There are some minor hassles when switching computers (export identity) but this is a task most users will not need to do at all and is no big deal usually even when forgotten.