Entries tagged openid, security
Filters: Type: entry × openid × security × Sorted by date
The point of “Open” in OpenID
TechCrunch report that Microsoft are accepting OpenID for their new HealthVault site, but with a catch: you can only use OpenIDs from two providers: Trustbearer (who offer two-factor authentication using a hardware token) and Verisign. "Whatever happened to the Open in OpenID?", asks TechCrunch’s Jason Kincaid.
[... 451 words]Designing for a security breach
User account breaches are inevitable. We should take that in to account when designing our applications.
[... 545 words]Solving the OpenID phishing problem
Most of the arguments I hear against OpenID are based on mis-understandings of the specification, but there is one that can’t be ignored: OpenID is extremely vulnerable to phishing.
[... 531 words]