This link has been bookmarked by 62 people . It was first bookmarked on 13 Apr 2008, by Avdi Grimm.
-
20 Jan 09
-
06 Jan 09
-
03 Dec 08
Sean FentonOn occasion, my colleagues and I are asked whether Credentica is working to ensure that our innovative technology for user-centric identity management will work with OpenID. My short answer - “No” - is sometimes followed by the question “Why not?” Let me
OpenID criticism bug software Web computers security reference article tech privacy trust surveillance usability August 2007 patents for:greenliver for:flatlandkayak
-
22 Nov 08
-
09 Nov 08
-
One thing that has been bugging me more and more is how openID providers have been recommending that you use their login urls again and again when they say they support openID (provider). At no point do any of them mention how dangerous this is. The only sensible use of openID is with a domain name that you own so that you can delegate it where ever you want and not be locked in. But that is never mentioned anywhere. They always recommend that you use http://username.bigco.com as your url — meaning that if you lose your username@bigco account you can permanently lose access to all of your sites.
-
-
28 Oct 08
-
25 Oct 08
-
08 Sep 08
-
07 Sep 08
-
28 Jul 08
Seb PaquetOpenID is highly vulnerable to phishing and other attacks, creates insurmountable privacy problems, is not a trust system, suffers from usability problems, and makes it unappealing to become an OpenID “consumer.” Many smart people have already elabora
-
16 Jul 08
-
01 Jul 08
-
28 Jun 08
-
31 May 08
-
30 May 08
-
29 May 08
-
28 May 08
-
27 May 08
-
-
I send you to my fake provider, which then just proxies the real provider, stealing your login as it does. I don’t have to persuade you that I’m anything special, just someone who wants you to use OpenID, as the designers hope will become commonplace, and I don’t have to know your provider in advance. So, I can steal login credentials on a massive basis without any tailoring or pretence at all! All I need is good photos of kittens.“
-
-
23 May 08
-
11 May 08
-
13 Apr 08
-
03 Apr 08
jeanjordaanBeyond this, OpenID is pretty much useless. The reasons for this are many: OpenID is highly vulnerable to phishing and other attacks, creates insurmountable privacy problems, is not a trust system, suffers from usability problems, and makes it unappealing
authentication blog criticism essay identity phishing openid security privacy
-
25 Mar 08
-
17 Mar 08
-
10 Mar 08
-
OpenID was designed as a lightweight solution for “trivial†use cases in identity management: its primary goal is to enable Internet surfers to replace self-generated usernames and passwords by a single login credential, without needing more than their browser. Concretely, OpenID aims to enable individuals to post blog comments and log into social networking sites without having to remember multiple passwords. (Of course, local password store utilities already do that; more on this later.) Beyond this, OpenID is pretty much useless. The reasons for this are many: OpenID is highly vulnerable to phishing and other attacks, creates insurmountable privacy problems, is not a trust system, suffers from usability problems, and makes it unappealing to become an OpenID “consumer.â€
-
-
07 Mar 08
-
05 Mar 08
-
23 Feb 08
-
07 Feb 08
Page Comments
Would you like to comment?
Join Diigo for a free account, or sign in if you are already a member.