What is Digg?Sponsored by Dragon Age: Origins
Can't get enough Dragon Age: Origins? Play the flash game. view!
DragonAgeJourneys.com - Play the free companion flash game to Dragon Age: Origins.
26 Comments
- Error601, on 12/01/2007, -6/+18No thanks. If someone gets one of my passwords, I'd rather have the damage limited to one web site.
- tybris, on 12/01/2007, -3/+10That's the trouble? Nothing on DNS spoofing? Nothing on phishing? Nothing on privacy problems? Nothing on anonymous OpenID? Nothing on trust problems? Nothing on availability problems? Nothing on patent problems?
This is the trouble:
http://www.idcorner.org/?p=161
( http://64.233.183.104/search?q=cache:PFpb3AbhBxcJ: ... ) - Colindean, on 12/01/2007, -0/+5If AOL would advertise that its users are 'enabled' OpenID users, and then use OpenID on some of its affiliated sites, perhaps AOL users would help turn the tide.
- rw712, on 12/01/2007, -0/+5Multi-factor authentication with Open ID isn't such a bad solution - that way you don't have to worry about someone finding out your password; if it does happen; they still need something you have. Check out https://pip.verisignlabs.com/ - you can get an open id from their PIP program and order a FOB (super cheap from eBay or Verisign has a credit card sized one for easy carrying around).
- KhaaL, on 12/01/2007, -1/+5Passwords are like toothbrushes. You should never share one and _change it often_.
- rudy23, on 12/01/2007, -0/+4what if its stolen by a virus a keylogger or a phishing site without you realizing it. there will be a few thousand people doing stuff on your behalf before you can shut down your computer
- fryguy1013, on 12/01/2007, -0/+4Two things wrong here: First, is right now a lot of people use the same password on a lot of sites, and therefore you're actually *giving* the password to them, so all of the site owners know your password so are much more likely to be able to have your password compromised. When you are only logging in one place, at a place you trust, with SSL, how likely is it your password is going to be compromised. How many people *really* use different passwords on every single blog or forum they've created an account, and then to make them secure, change them regularly. With openid, it's easy to change your password if you think it might have been compromised.
The second thing is multi-factor authentication. An openid provider could require a clientside SSL certificate, or the verisign fob, or even gibson's perfect paper passwords ( https://www.grc.com/ppp.htm ). All of these require significantly more work to be able to log in with. There is near-zero chance that places you log in to will support whatever method of multi-factor authentication you may decide to use, so in this manner, OpenID is much more secure than the current way of having different logins on every single site you visit (and is much more convenient) - fkr3, on 12/01/2007, -1/+4"But if the organization leading the charge on OpenID is hanging its hopes of viability on monetizing a chat platform for which the primary use cases are BarCamp and Ron Paul fans - we're in trouble."
lol. - d03boy, on 12/01/2007, -0/+3Then just digg it up... geez
- neko, on 12/02/2007, -0/+3There's some advantages. I hate registering on every random forum just so I can post one comment / bugreport / plea for help.
And imagine if every phpBB board out there /didn't/ store your password, email address etc, but instead just asked the openID server to check if it was you or not. Then, when the board (inevitably?) gets hacked, they wouldn't be able to just grab a copy of the passwords database and start crackin', because that info isn't kept on the forum. The board software might not even need to know the email address, since openID is the one verifying your identity.
Yes, yes, it's a single point of failure, so if openID should be cracked .... don't use it for your online banking! - phatfish, on 12/01/2007, -0/+3Dunno whats with the buries. That link is interesting. Does OpenID 2.0 do anything to protect against the attacks mentioned on that page?
- rudy23, on 12/01/2007, -0/+2Let me tell you how keyloggers work. they capture each and every keystroke entered by the user. keystorkes ar enever hashed or encypted. So its doesnt read passwords from anywhere. the user gift wraps it for them.
- rudy23, on 12/01/2007, -0/+2those arent keyloggers. they are trojans
- rudy23, on 12/01/2007, -1/+2yeah thats very convenient
- GRTWHT, on 12/01/2007, -0/+1There's this silly little link at the end of comments, "Reply to this comment" - maybe you should try it next time.
- k1v1n, on 12/01/2007, -2/+3It just takes one major player to change everything. That small web properties are down 2% is inconsequential. That Google has begun to test this, even it it's just for comments on Blogger at this point is huge. The whole OpenID landscape could change overnight.
The other things mentioned as problems are trivial to iron out. This article could have just as easily been written taking the positive perspective: "Google To Accept OpenIDs in the Near Future?"
- csixty4, on 12/01/2007, -2/+2Then use an OpenID provider with multi-factor authentication, like Verisign's PIP.
- inactive, on 12/01/2007, -1/+1Well actualy some keyloggers have the ability to read stored passwords from the Protected Storage area (IE, Outlook etc), and some can also read Firefox's stored passwords.
- lolo2007, on 03/01/2008, -0/+0well... it is called openid after all... is it my imagination or is the word 'open' going the way of 'clear' did a few years ago. remember when everything was suddenly 'clear?' clear deoderant, clear detergent, clear beer, clear this, clear that.... now it is open id, open server http://download.paramegsoft.com/
http://game.paramegsoft.com/ - GRTWHT, on 12/01/2007, -3/+1Not one comment on sharing of information? Not one complaint of having your every action online tracked? It's bad enough that AT&T is doing this without your consent, now you want to practically beg to have your online privacy violated.
I'll pass on OpenID, thank you. - colobikeguy, on 12/01/2007, -2/+0well... it is called openid after all... is it my imagination or is the word 'open' going the way of 'clear' did a few years ago. remember when everything was suddenly 'clear?' clear deoderant, clear detergent, clear beer, clear this, clear that.... now it is open id, open server, open this open that... i think i am to open with my comments and clearly obsessed with the openess of this forum... open your minds people... cant you clearly see the open community is clear in its demands for open access to open code so they can open up the openess of clear code?
- slantyeyed, on 12/01/2007, -5/+1i don't want my ID published nor open to anyone else.
- thadiusdean, on 12/01/2007, -5/+1Can you not just never mutter your password to anyone? I mean I can understand a slip up but if you realize it you can just go change it right away.
- HonoredMule, on 12/01/2007, -6/+1Protos
- vertinox, on 12/01/2007, -6/+1Keyloggers have a hard time reading saved passwords and/or anything else you don't type. Secondly, you need better security practices and/or software if this happens to you. I almost got hit with a phishing site once for a social networking site, but luckily firefox alerted me at the top of the page that the site was suspect.
- Annaleewee, on 12/01/2007, -7/+0> No thanks. If someone gets one of my passwords, I'd rather have the damage limited to one web site.
Reply to this comment
true!
© Digg Inc. 2009
— Content created and posted by Digg users is