Entries tagged security, openid

Filters: Type: entry × security × openid × Sorted by date

3 results

The point of “Open” in OpenID

TechCrunch report that Microsoft are accepting OpenID for their new HealthVault site, but with a catch: you can only use OpenIDs from two providers: Trustbearer (who offer two-factor authentication using a hardware token) and Verisign. "Whatever happened to the Open in OpenID?", asks TechCrunch’s Jason Kincaid.

[... 451 words]

8:12 am / 24th June 2008 / dumbnetworks, healthvault, microsoft, open, openid, security, techcrunch, trustbearer, verisign

Designing for a security breach

User account breaches are inevitable. We should take that in to account when designing our applications.

[... 545 words]

9:29 pm / 30th September 2007 / accounts, csrf, designingforabreach, openid, phishing, privacy, security, xss

Solving the OpenID phishing problem

Most of the arguments I hear against OpenID are based on mis-understandings of the specification, but there is one that can’t be ignored: OpenID is extremely vulnerable to phishing.

[... 531 words]

2:39 pm / 19th January 2007 / openid, phishing, security

Simon Willison’s Weblog