[Full-disclosure] OpenID. The future of authentication on the web?
Steven Rakick
stevenrakick at yahoo.com
Sun Mar 23 23:16:28 GMT 2008
Many of you have brought up that OpenID is vulnerable
to phishing and have highlighted weaknesses specific
traditional username/password authentication.
This was the main reason I bought up Information Cards
in my original post. I've noticed that Beemba
(http://www.beemba.com) and MyOpenID
(http://www.myopenid.com) have both implemented
Information Cards as an authentication option.
Good idea?
It seems to me that if you were to rely on Information
Cards as opposed to username/password the phishing
angle is mitigated. Is this not the case?
-sr
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Full-Disclosure is hosted and sponsored by Secunia.