Friday, February 29, 2008

OpenID needs strong authentication

Here is a nice tutorial from Kim Cameron that demonstrates using OpenID for sign-on. The tutorial also illustrates the risks if you don't use strong authentication. One way to implement strong authentication with OpenID is via the PayPal Security Key, which I have mentioned previously.

If you're looking for more information on security tokens, Information Week has a good article on OATH, an industry-wide group working on open authentication. Or you can go straight to the OATH site to get their latest information.

1 comment:

Ray said...

2 things:

1. I was annoyed that he used Chuck (the FreeBSD mascot) to show an evil site. That's not your fault. Chuck is a daemon, not a demon... sorry, that touched a nerve with me :-)

2. I checked the PayPal thing and also looked at the VeriSign VIP site. It looks like eBay and PayPal are still the only two participants in this program with the token. Have you found any other sites that use the token?

I know that Google has been on the OpenID bandwagon as well, since I see it as an option on the comments page. I just wonder if Google will go to a token setup as well.