OpenID - The Doomsday Effect...

Teddy Rogers

Is it just me or are there others out there that look at the use of OpenID as a disaster waiting to happen?

For those of you who do not know about OpenID, it is a technology that has been around for a few years already. It is being pushed into popular use by some of the big guns of the internet. It allows you to create one centralised username, password, contact details and a profile on a website. You can then use the associated OpenID to log in, register and use your OpenID details on other sites without filling out all their registration information - all using the one password which you used to set up your OpenID account. All good in principle...

Unfortunately I see this as a disaster waiting to happen. All you need is someone to hack your OpenID on the site on which you have your details stored, and anyone can register you on to other sites and spoof you with all the details you have stored. Another potential problem is phishing scams, spoof and malicious sites that will be created to hunt down and gather your details and copy and mimic the redirected fake OpenID account sites to get your password. Once you accept a site using your OpenID they will be able to gather all the information you have contained within your OpenID.

There is already a big concern about data and ID theft and I see this only exacerbating the situation. I feel the ignorant and those unaware of the risks and problems with using the internet and an OpenID account will get caught up on those dodgy sites.

This is just the start of OpenID, what details of yours will they be wanting to store in future?


Why do you care? We all know retards rule the world. Politicians don't know anything about security, exploiting, cracking.

When they talk about sex on TV, the main expert is a priest. They all will drink the beer they brew.

Sorry, I don't want OpenID, RFID, biometric passports, etc.

Teddy Rogers

I don't need to care about it but it's worth discussing... A lot of people will blindly sign up to OpenID and use it without knowing any of the possible dangers behind it. I don't think the security and potential risk of OpenID will be discussed thoroughly to individuals before they sign up to it. The only time they will know of an issue is when it's too late.

A lot of the big companies have already adopted OpenID and it is being introduced into mainstream site software. Many people trust the big names because they are supposed to know what's going on... :rolleyes:


Indeed, people do trust anything that's backed up with a MS logo, or any other big company's.

There was a talk at BlackHat US '07 entitled "OpenID: Single Sign-On for the Internet".

You can get the whitepaper here.

I use OpenID just for one site (because they require it)

stackoverflow.com - it's a good site to help with programming, very very very large community!

I see where you are coming from. I guess the developers of this site (seemed to be well versed in priority/security) found that some possibilities outweighed others.

Anyways, I don't mind using it for certain purposes :)

Let's not forget, what about email? Most communities require an email address, and most people use the same e-mail across communities. Who's to say if you lost your email, most of your accounts to varying communities, banks, etc wouldn't be lost too?

I think people will be more hesitant to give out their OpenID information, as they are with their emails now.

Regardless, I still prefer keeping multiple accounts for multiple communities - linking all my accounts begins to remove a bit of my own privacy.

