Wednesday, April 02, 2008

I really liked OpenID

...but not so much after reading this post. It states:

... Beyond this, OpenID is pretty much useless. The reasons for this are many: OpenID is highly vulnerable to phishing and other attacks, creates insurmountable privacy problems, is not a trust system, suffers from usability problems, and makes it unappealing to become an OpenID “consumer.” Many smart people have already elaborated on these problems in various forums. In the rest of this post I will be quoting from and pointing to their critiques.
Quote Stefan Brands, author.


It's a damn shame OpenID is so "open" to phishing and other kinds of attacks. I actually still like the idea of a decentralized single sign-on system, and I do feel like OpenID does have its place, but you have to be more awake than average when using OpenID and performing a login.

2 Comments:

OpenID mortenf said...

You should try finding some of the replies to that article, because it is seriously misguided.

I won't get into the details here, except for saying that:
No, OpenID is not a trust system, it was never meant to be, so don't try using it for that.
Yes, some lousy OpenID providers are open to phishing, but try e.g. MyOpenID, where you can't log in as part of the sign-in process: Phishing impossible...

4/4/08 20:59  
Blogger lborupj said...

Hi Morten,

I'm not saying I dislike OpenID (as I also say in my short post), but before reading the article to which I link, I just never gave the whole phishing problem any thought, and it was quite the eye-opener for me, not only regarding OpenID but generally as one relies more and more on online services. I don't use MyOpenID, but how can you not log in as part of the sign-in process? I can only think of re-authenticating a session (as I do with Google).

5/4/08 09:53  
