It's worth pointing out that some OpenID providers are better than others. An OpenID provider could implement 2-factor authentication, and some have (http://www.infrastructure.ziffdavisenterprise.com/c/a/Blogs/OpenID-In-H ardware/), or other features which could strengthen it.
Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
