Slipshod cryptographic housekeeping left some OpenID services far less secure than they ought to be. OpenID is a shared identity service that eliminates the need for punters to create separate IDs and logins for websites that support the service. A growing number of around 9,000 websites support the decentralised …
"The modern equivalent of a small earthquake in Chile"
I wonder how many people will get this reference from the 1930s?
"Small earthquake in Chile. Not many dead." was (according to Claud Cockburn, 1904-1981) the winner of a competition for the dullest newspaper headline, but this may well have been his invention, in both senses!
old SSL certificates
If only there was some kind of online certificate status protocol that could be used to determine if a certificate was valid. Then Sun could make sure no one misused the old cert.
Defective by design
Am I the only person who thinks that having a single point of entry to all of an individual's accounts across multiple websites is, perhaps, not a great idea?
Personally I'd much rather, and do, have multiple logins and multiple passwords. At least that way if some scumbag manages to brute force one of my accounts the others are still relatively safe.
This whole openID thing just seems a little dubious to me.
Paris, cos she's got more than one point of entry.
Sun don't eat their own dog food ?
So Sun aren't using Solaris anymore, eh ?
@Defective by design
I wouldn't use openId for banking but if I type a password into irc/msn/whatever, I would rather change it in one place than many.
With the current system of isolated authentication, there is a tradeoff between remembering dozens of passwords (and probably choosing less secure ones as a result) and reusing passwords on many sites (which risks the password being leaked and makes changing password much more difficult).
It's "Light Blue Touchpaper"...
The extra 'the' spoils the Cambridge in-joke. Good article, though.
"there is a tradeoff between remembering dozens of passwords (and probably choosing less secure ones as a result) and reusing passwords on many sites"
You forget the third option, which is the most sensible option in my view: invent complicated passwords, all of them different, and keep them in a text file, which you keep encrypted with another complicated password, which is the only password you will really need to remember.