Slipshod cryptographic housekeeping left some OpenID services far less secure than they ought to be. OpenID is a shared identity service that eliminates the need for punters to create separate IDs and logins for websites that support the service. A growing number of around 9,000 websites support the decentralised …
"The modern equivalent of a small earthquake in Chile"
I wonder how many people will get this reference from the 1930s?
"Small earthquake in Chile. Not many dead." was (according to Claud Cockburn, 1904-1981) the winner of a competition for the dullest newspaper headline, but this may well have been his invention, in both senses!
old SSL certificates
If only there was some kind of online certificate status protocol that could be used to determine if a certificate was valid. Then Sun could make sure no one misused the old cert.
Defective by design
Am I the only person who thinks that having a single point of entry to all of an individual's accounts across multiple websites is, perhaps, not a great idea?
Personally I'd much rather, and do, have multiple logins and multiple passwords. At least that way if some scumbag manages to brute force one of my accounts the others are still relatively safe.
This whole OpenID thing just seems a little dubious to me.
Paris, cos she's got more than one point of entry.
Sun don't eat their own dog food ?
So Sun aren't using Solaris anymore, eh ?
@Defective by design
I wouldn't use OpenID for banking but if I type a password into irc/msn/whatever, I would rather change it in one place than many.
With the current system of isolated authentication, there is a tradeoff between remembering dozens of passwords (and probably choosing less secure ones as a result) and reusing passwords on many sites (which risks the password being leaked and makes changing password much more difficult).
It's "Light Blue Touchpaper"...
The extra 'the' spoils the Cambridge in-joke. Good article, though.
"there is a tradeoff between remembering dozens of passwords (and probably choosing less secure ones as a result) and reusing passwords on many sites"
You forget the third option, which is the most sensible option in my view: invent complicated passwords, all of them different, and keep them in a text file, which you keep encrypted with another complicated password, which is the only password you will really need to remember.