lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Mar 2008 18:53:10 -0500 From: Paul Schmehl <pauls@...allas.edu> To: full-disclosure@...ts.grok.org.uk Subject: Re: OpenID. The future of authentication on the web? --On March 23, 2008 4:16:28 PM -0700 Steven Rakick <stevenrakick@...oo.com> wrote: > Many of you have brought up that OpenID is vulnerable > to phishing and have highlighted weaknesses specific > traditional username/password authentication. > > This was the main reason I bought up Information Cards > in my original post. I've noticed that Beemba > (http://www.beemba.com) and MyOpenID > (http://www.myopenid.com) have both implemented > Information Cards as an authentication option. > > Good idea? > > It seems to me that if you were to rely on Information > Cards as opposed to username/password the phishing > angle is mitigated. Is this not the case? > Beemba doesn't appear to have any online FAQ or help. MyOpenID points to further information which leads to this: "With OpenID, you don’t have to sign up and create a new account for each site that supports OpenID – you can just use the identity you already have. Hundreds of millions of OpenIDs already exist, and it is likely that you already have one from a service you use." Nice to know that someone is creating identities for me without my knowledge. With an ethical stance like that, why should I trust them to make my ID secure as well? I don't see any information at all about Information Cards. Perhaps you could provide a link? Paul Schmehl (pauls@...allas.edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists