46 Comments
- kinerry, on 07/24/2008, -2/+22 Good = less to remember and easy to recover should you pass away
Bad = one theft of your password and you lose everything you own
- DivisibleByZero, on 07/24/2008, -1/+16 The thing about OpenID is that you pick one service to manage your login. All the other guys just call that and ask if you are who you say you are. So in the end, your OpenID is only as secure as the provider.
Now, once you've got that account set up with somebody like MySpace, you can go use it to login to any shady website you want without any problems. The way it works is that you visit a site, let's say disreputable.com. You create an account just like you normally would, but instead of setting a password for that site, you give it your Myspace username. Then whenever you login, it redirects your browser to Myspace, and you login there. Myspace sends back a token to disreputable.com saying that you're authorized. So your actual password has never passed through the disreputable servers, so they can't go around and login to another service as you.
I do predict that there will be a lot of phishing problems as OpenID becomes more prevalent. Rather than redirecting me to Myspace's login page, a scam site could send me to a phishing page instead. A smart user knows to check the address bar, etc. to make sure that he's actually talking to the site he expects to be talking to. But my grandma wouldn't even notice the difference.
- wilderworks, on 07/23/2008, -3/+15 I seem to remember reading several articles citing one of these shared ID programs as very insecure. Was it OpenID?
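An added example, not part of any comment in this thread: a simplified Python model of the redirect-and-token login DivisibleByZero describes above, showing that the relying site checks a signed token and never handles the password. The class names, URLs, account and shared HMAC key are assumptions made for illustration, and this is not the OpenID wire format.

```python
import hashlib
import hmac
import secrets

SIGNED = ("identity", "return_to", "nonce")  # fields covered by the signature


def sign(key, fields):
    # Sign "name:value" lines so no field can be altered or swapped in transit.
    msg = "".join(f"{k}:{fields.get(k)}\n" for k in SIGNED).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Provider:
    """Hypothetical login provider: the only party that ever sees the password."""

    def __init__(self, key):
        self.key = key
        self.passwords = {"alice": "correct horse"}  # constructed account

    def login(self, user, password, return_to, nonce):
        stored = self.passwords.get(user, "")
        if not stored or not hmac.compare_digest(stored.encode(), password.encode()):
            return None  # no token is issued for a failed login
        fields = {"identity": f"https://provider.example/{user}",
                  "return_to": return_to, "nonce": nonce}
        return dict(fields, sig=sign(self.key, fields))


class RelyingSite:
    """Hypothetical site being logged in to: receives a token, never a password."""

    def __init__(self, key, return_to):
        self.key, self.return_to, self.pending = key, return_to, set()

    def start_login(self):
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)  # remembered so each token is accepted only once
        return nonce

    def verify(self, token):
        if token is None or token.get("return_to") != self.return_to:
            return None  # token was issued for a different site
        if token.get("nonce") not in self.pending:
            return None  # unknown or already-used nonce (replay)
        if not hmac.compare_digest(sign(self.key, token), str(token.get("sig", ""))):
            return None  # forged or modified token
        self.pending.discard(token["nonce"])
        return token.get("identity")
```

The model covers only the token check on the relying site; it does nothing about the phishing case raised in the same comment, where the user is sent to a look-alike login page and types the password there.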
- evillawngnome, on 07/24/2008, -0/+11 Not just one username, one LOGIN, meaning one username / password pair. As a corollary, if you follow proper password aging (which no one does) you need to change your passwords every so often, usually around 30 days. Do you want to change 1 password or 10?
- evillawngnome, on 07/24/2008, -0/+10 Digging you up; honest, intelligent questions should never be dugg down.
- GeorgeStone2, on 07/24/2008, -2/+11 Single point of failure.
- ilgaz, on 07/24/2008, -0/+6 Who is missing from that extensive list of supporting companies/sites even including the AOL? digg.com
- Macskeeball, on 07/24/2008, -0/+5 MScrip, that is a valid question. Fortunately, every OpenID supporting site I've used has let me link my OpenID with a pre-existing account.
- Zippo, on 07/24/2008, -1/+6 What could possibly go wrong?
- Macskeeball, on 07/24/2008, -1/+6 The answer to the first paragraph is no. The answer to the second is that OpenID *does* leave it up to you. Anyone can be an OpenID provider, including yourself. You seem to misunderstand what OpenID is.
- buckchoris, on 07/24/2008, -0/+5 This is very bad, MySpace is an easy target for phishers, yesterday I saw a set of usernames and passwords on a forum.
- MScrip, on 07/24/2008, -0/+4 > "Not just one username, one LOGIN, meaning one username / password pair."
I get that it's safe. But what if you already have a login at a certain website? Will all your posts, comments and profiles disappear if you start using this new OpenID?
I'm Digg user MScrip. If Digg were to start using OpenID, and I chose a different OpenID name... what will happen to MScrip?
- mayavada, on 07/23/2008, -3/+7 That can't be good.
- Macskeeball, on 07/24/2008, -0/+3 @DivisibleByZero: Yes, his OpenID provider could ban him if it wasn't himself, but he seemed to be referring to a site that he would use his OpenID to log into, not the OpenID provider.
- buckchoris, on 07/24/2008, -0/+3 We can still login to myspace etc. using the non-open ID regular username/password.
- Macskeeball, on 07/24/2008, -0/+3 OpenID is not a centralized service like you seem to be thinking. It is instead a standard that is free to implement. Anyone can be an OpenID provider, including yourself. Now, if your particular OpenID provider were to go down, that might present a problem if OpenID was the only way to login to a site and you did not have another OpenID from a different OpenID provider. Many people already have OpenIDs without even realizing it.
- Elranzer, on 07/24/2008, -0/+3 What's the point if you're already signed up to all of these services with the same username anyway?
- DivisibleByZero, on 07/24/2008, -0/+3 Macskeeball is correct. The way openID works is that you create an account at each of the participating sites, then associate those back with the one from the authenticating site. So if you want to change to openID, you can just associate your existing account with the openID.
Granted, that assumes that each individual site builds in the UI to actually let you do so. They will if they know what's good for 'em.
Does Digg support OpenID yet, or is it a future goal type of thing? I'm poking around in settings right now and can't find anything about it.
- evillawngnome, on 07/24/2008, -1/+4 Got to agree with GeorgeStone2: This is a single point of failure. Here are two immediate problems I see:
1. OpenID goes down. Now ALL of the web2.0 social crap we're all addicted to is inaccessible.
2. OpenID gets hacked. Now your entire online presence is compromised.
Move forward carefully, gentlemen.
- fuhrysteve, on 07/24/2008, -1/+4 I wouldn't worry too much about phishing:
If there's a really ugly background color, a flash music player that automatically starts playing Britney Spears hidden about 10,000 pixels down the page, and tons of worthless / wtf sections containing images of weird anime people...
then you can be sure it's myspace and not some phisher.. don't even bother checking the url.
- DivisibleByZero, on 07/24/2008, -1/+3 I'm not comfortable with the way this article presents this as if they're cooperating with their competition. The author doesn't really seem to know how OpenID works. All it means is that they're going to allow you to use the same password to login to multiple sites.
I really hope MySpace's overbearing password complexity requirements didn't count as a feature to retain users
- Atomic1fire, on 07/27/2008, -0/+2 That's what browser plugins are for OR
get your grandma a yahoo account and put a picture of you on it
if she sees you, she knows it's safe
if she does not
Back button till the offending site is gone
- Macskeeball, on 07/24/2008, -0/+2 It's no different without OpenID. All someone would need to do is compromise your email account and then use those "Forgot your password?" links.
- ilgaz, on 07/24/2008, -0/+2 Some sites don't want OpenID because they lose control of the user. For example, Yahoo banned you? Move to AOL and use AOL's OpenID on every site. No passwords etc. changed. You just say openid.aol.com/nick rather than me.yahoo.com/nick while logging in.
Some sites like sourceforge are capable of linking your existing login with an openid even.
- Macskeeball, on 07/24/2008, -0/+2 So is your email address. "Forgot your password?"
- HiFiGuy36, on 07/24/2008, -0/+1 OpenID needs some more time and use to mature.
Here are some resources from grc.com that explain OpenID very well.
http://www.grc.com/securitynow.htm#95
http://www.grc.com/sn/notes-095.htm
- christopher, on 07/24/2008, -1/+2 except that these companies don't actually let you _share_ other openIDs with them - you gotta use theirs on their site. They are providers not relyers. which, if everyone does that, defeats most of the purpose.
- MScrip, on 07/24/2008, -1/+2 Firefox does a good job at remembering passwords too. Just throwing that out there.
Seriously, Gator? Is it 1998 again?
- Elranzer, on 07/24/2008, -2/+3 Just throwing this out there... but Gator also made it so you don't have to remember as many passwords. And there were no consequences to installing Gator, eh?
- Charlotte_Web, on 07/24/2008, -0/+1 Bad = anonymity on the internet becomes a thing of the past
- dmightx, on 09/21/2008, -1/+2 Why can't this be good? Are you being forced to be part of this?
- kinerry, on 07/24/2008, -0/+1 other than massive amounts of spyware and useless software that you couldn't uninstall
- MrViklund, on 07/27/2008, -0/+1 Very bad.
- WalkingAway, on 07/25/2008, -0/+1 that might be too insecure
- Macskeeball, on 07/24/2008, -0/+1 If you have just one password (that is, the one for your OpenID provider), it's much more feasible to change that password periodically. Also, an OpenID provider can focus more on a secure login process, with things like SSL and multifactor authentication.
- U83RMENSCH, on 07/24/2008, -0/+1 bad idea.
- NAvAP, on 07/25/2008, -0/+1 Well that might be true, but think of something else..how many email addresses does the average user have.
What would happen if someone had their email password, and went to each site and asked them to send their password again....or worse still all the password reminder emails were still in their inbox.
Personally I can't wait till Flickr jumps on the bandwagon, as I hate having to use a yahoo login.
Long live Google :P
- Atomic1fire, on 07/27/2008, -0/+1 Or just not use myspace as an openid (and making sure that people know it's you such as telling people your myspace account so they know it's yours and not doing certain traits such as sending application invites or anything that would be considered spam) and change your password every 3 months
Yahoo has some identity features (okay mostly one but it's a good one allowing the user to use a visual cue to remember what the yahoo page looks like compared to a phishing one by allowing to place text or an image on yahoo that would be rememberable by them, such as a family member or some text you can remember as not being phishy)
- tony845, on 07/24/2008, -0/+0 What am I missing, what's wrong with the password manager in Firefox? I already don't have to remember passwords and the login info is populated for me automatically. Yeah it might be tied to a specific computer, but how big of an issue is that.
- Elranzer, on 07/24/2008, -2/+2 Yep. Now all I need is *one* username/password compromised instead of my individual passwords for all of those sites. This is basically Real-ID for the interwebs.
- mdnghtblue, on 07/24/2008, -2/+2 too late, myspace!
- DivisibleByZero, on 07/24/2008, -5/+5 I can't think of anything that would stop his openID provider from deleting his account, leaving him unable to login to anything.
In a perfect implementation, they'd only ban you from logging into their site, but keep the openID account active. But it would be naive to think that all implementations are perfect... especially when MySpace is involved.
- SilenceIsFoo, on 07/24/2008, -2/+1 Apparently I've been living under a rock, because this is the first I've heard of OpenID. For the sake of discussion, let's say that Digg is an OpenID provider. I create an OpenID on Digg, and then create accounts on other sites as well with my Digg-issued OpenID.
So let's say that I get a lot of negative feedback from people who don't like me here, and Digg decides to ban me, but someone mistakenly bans my OpenID instead of only banning my access to Digg. Now I can't access the other sites I frequent with my OpenID.
It just seems fraught with peril to me. I'd much rather just keep track of my login IDs and passwords myself than to trust someone, or some organization, to keep track for me. If I can be my own OpenID provider.. well, that's something worth considering.
- Zordar, on 07/24/2008, -2/+0 If the World of Warcraft forums are any indication, it's too easy to get passwords from stupid people. Click on one keylogger link claiming to show "sex girls" (sic) and your private account information is public domain. Now multiply that by every site who decides to use OpenID. Grab your ankles, kids.
- MrViklund, on 07/24/2008, -3/+1 Very bad.
- SilenceIsFoo, on 07/23/2008, -10/+3 So, if an admin on a site decides to ban me because I say things in opposition to their political views, not only can I get banned from that site, but from all of the other sites on which I use that login as well?
I hate memorizing multiple logins and passwords, but leave it up to *me* to do so, not some big brother "service" to do it for me.