How poor crypto housekeeping left OpenID open to abuse

Slipshod cryptographic housekeeping left some OpenID services far less secure than they ought to be. OpenID is a shared identity service that enables users to eliminate the need to create separate IDs and logins for websites that support the service. A growing number of around 9,000 websites support the decentralised service, …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    "The modern equivalent of a small earthquake in Chile"

    I wonder how many people will get this reference from the 1930s?

    "Small earthquake in Chile. Not many dead." was (according to Claud Cockburn, 1904-1981) the winner of a competition for the dullest newspaper headline, but this may well have been his invention, in both senses!

  2. James Henstridge

    old SSL certificates

    If only there was some kind of online certificate status protocol that could be used to determine if a certificate was valid. Then Sun could make sure no one misused the old cert.

  3. Anonymous Coward
    Paris Hilton

    Defective by design

    Am I the only person who thinks that having a single point of entry to all of an individual's accounts across multiple websites is, perhaps, not a great idea?

    Personally I'd much rather, and do, have multiple logins and multiple passwords. At least that way if some scumbag manages to brute force one of my accounts the others are still relatively safe.

    This whole OpenID thing just seems a little dubious to me.

    Paris, cos she's got more than one point of entry.

  4. Gordon Ross
    Linux

    Sun don't eat their own dog food ?

    So Sun aren't using Solaris anymore, eh ?

  5. Andrew Shirley
    Thumb Up

    @Defective by design

    I wouldn't use OpenID for banking, but if I type a password into irc/msn/whatever, I would rather change it in one place than many.

    With the current system of isolated authentication, there is a tradeoff between remembering dozens of passwords (and probably choosing less secure ones as a result) and reusing passwords on many sites (which risks the password being leaked and makes changing passwords much more difficult).

  6. J-Wick

    It's "Light Blue Touchpaper"...

    The extra 'the' spoils the Cambridge in-joke. Good article, though.

  7. Anonymous Coward
    Anonymous Coward

    @Andrew Shirley

    "there is a tradeoff between remembering dozens of passwords (and probably choosing less secure ones as a result) and reusing passwords on many sites"

    You forget the third option, which is the most sensible option in my view: invent complicated passwords, all of them different, and keep them in a text file, which you keep encrypted with another complicated password, which is the only password you will really need to remember.
