Simon Willison’s Weblog

Entries tagged openid, phishing

Filters: Type: entry × openid × phishing ×


Designing for a security breach

User account breaches are inevitable. We should take that in to account when designing our applications.

[... 545 words]

idproxy.net: Use your Yahoo! account as an OpenID

In an ideal world, some or all of the sites with large user databases (Yahoo!, AOL, Google, Amazon and so on) would act as OpenID providers, allowing their users to sign in to OpenID supporting sites around the Web. Until that happens, people who want to use OpenID need to sign up for Yet Another Account to do so.

[... 414 words]

Solving the OpenID phishing problem

Most of the arguments I hear against OpenID are based on mis-understandings of the specification, but there is one that can’t be ignored: OpenID is extremely vulnerable to phishing.

[... 531 words]