Effects of OpenID or similar standards
david-sarah at jacaranda.org
Tue Nov 3 15:41:52 EST 2009
> On Mon, Nov 2, 2009 at 5:41 PM, Jerry Leichter <leichter at lrw.com> wrote:
>> The trend is for this to get worse, with
>> network-wide shared authentication via OpenID or whatever other standard
>> catches on.
> Not to derail this, but OpenID is flexible enough to permit
> fine-grained authentication as well as non-password-based
> authentication (e.g. smart card) and multi-factor authentication.
It's unlikely to be used that way except in a small minority of cases.
Jerry is absolutely correct that the practical result will be that most
users of OpenID will become more vulnerable to compromise of a single
password. This will only increase the value of several kinds of attack
(phishing, exploiting client security flaws, XSS, CSRF). I bet that
attackers are rubbing their hands in anticipation.
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com