--On March 23, 2008 4:16:28 PM -0700 Steven Rakick <[EMAIL PROTECTED]> wrote:
> Many of you have brought up that OpenID is vulnerable > to phishing and have highlighted weaknesses specific > traditional username/password authentication. > > This was the main reason I bought up Information Cards > in my original post. I've noticed that Beemba > (http://www.beemba.com) and MyOpenID > (http://www.myopenid.com) have both implemented > Information Cards as an authentication option. > > Good idea? > > It seems to me that if you were to rely on Information > Cards as opposed to username/password the phishing > angle is mitigated. Is this not the case? > Beemba doesn't appear to have any online FAQ or help. MyOpenID points to further information which leads to this: "With OpenID, you don’t have to sign up and create a new account for each site that supports OpenID – you can just use the identity you already have. Hundreds of millions of OpenIDs already exist, and it is likely that you already have one from a service you use." Nice to know that someone is creating identities for me without my knowledge. With an ethical stance like that, why should I trust them to make my ID secure as well? I don't see any information at all about Information Cards. Perhaps you could provide a link? Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
