Comments on Words and what not: The use case for #OpenID indicated by the #LinkedIn hack
Blog author: GerardM. Feed updated 2024-03-27. 4 comments.

GerardM, 2012-06-19 18:26:
The question is not so much if there are potential issues with OpenID; the question is whether it is an improvement on the existing situation.

In my opinion, the widespread practice of having a single password on a multitude of websites is a bigger worry.
Thanks,
GerardM

Anonymous, 2012-06-19 18:15:
Try this again:
http://www.computerworld.com/s/article/9225589/Study_finds_major_flaws_in_single_sign_on_systems

Anonymous, 2012-06-19 18:13:
All I can say is take a look at this article: http://www.computerworld.com/s/article/9225589/Study_finds_major_flaws_in_single_sign_on_systems

Lockal, 2012-06-07 23:39:
When LinkedIn was hacked, I lost my password for a single site. But if LiveJournal or MyOpenID or any other OpenID provider were hacked, I would potentially lose everything. Who knows how they store my password? Nobody. IMO only 3 rules could prevent such leaks:

1) Open-source code, so everyone could control their password safety

2) BCrypt. BCrypt. BCrypt-BCrypt-BCrypt-BCrypt-BCrypt-BCrypt-BCrypt-BCrypt

3) See rule number 2