Kent Borg wrote:
That is why my hypothetical bad guy was hoping Lastpass becomes very common, then it will become fertile ground for theft.
Yep. The biggest flaw with federated identity is identical to the biggest flaw with SSL. It's entirely dependent on the security of the provider. We already know how easy it is to compromise SSL certificate authorities. Why should anyone expect federated identity providers to be at all different? Because they promise to be better?
-- Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
