Comments on: More Secure OpenID http://www.mandladventures.com/2008/01/03/more-secure-openid/ Leading you on the technical adventure Tue, 06 Jan 2009 10:11:20 +0000 http://wordpress.org/?v=2.7 hourly 1 By: steve pepple http://www.mandladventures.com/2008/01/03/more-secure-openid/comment-page-1/#comment-24352 steve pepple Wed, 13 Feb 2008 19:29:10 +0000 http://www.mandladventures.com/2008/01/03/more-secure-openid/#comment-24352 The team I work with is developing a beta implementation of strong, multi-factor authentication for OpenID, <a href="http://openid.trustbearer.com" rel="nofollow">TrustBearer OpenID</a>. We've found that this infinitely decreases the possibility of someone fraudulently accessing another persons' account. We've found some compelling ways to thwart phishing here, as well. We use a web browser add-on to manage the authentication process, and we can actually check the validity of sites here. A user's private data also remain private during the exchange of keys during authetication. We've been concentrating on simple user experience at this point, and we are interested to learn what sort of features user will look for in this type of implementation. With our OpenID, you basically just set-up a strong authentication device and then link the device to your OpenID URL. The team I work with is developing a beta implementation of strong, multi-factor authentication for OpenID,
TrustBearer OpenID.

We’ve found that this infinitely decreases the possibility of someone fraudulently accessing another persons’ account. We’ve found some compelling ways to thwart phishing here, as well. We use a web browser add-on to manage the authentication process, and we can actually check the validity of sites here. A user’s private data also remain private during the exchange of keys during authetication.

We’ve been concentrating on simple user experience at this point,
and we are interested to learn what sort of features user will look
for in this type of implementation.

With our OpenID, you basically just set-up a strong authentication device
and then link the device to your OpenID URL.

]]> By: Matt http://www.mandladventures.com/2008/01/03/more-secure-openid/comment-page-1/#comment-22067 Matt Sat, 19 Jan 2008 04:49:28 +0000 http://www.mandladventures.com/2008/01/03/more-secure-openid/#comment-22067 Thanks for the links Luke. Hadn't seen that particular solution before. Thanks for the links Luke. Hadn’t seen that particular solution before.

]]> By: Luke http://www.mandladventures.com/2008/01/03/more-secure-openid/comment-page-1/#comment-21139 Luke Sun, 06 Jan 2008 23:38:06 +0000 http://www.mandladventures.com/2008/01/03/more-secure-openid/#comment-21139 Matt, Relating to security and OpenID, the following thoughts might interest you: http://blog.vidoop.com/archives/26 http://blog.vidoop.com/archives/33 -Luke Matt,

Relating to security and OpenID, the following thoughts might interest you:

http://blog.vidoop.com/archives/26

http://blog.vidoop.com/archives/33

-Luke

]]> By: Matt http://www.mandladventures.com/2008/01/03/more-secure-openid/comment-page-1/#comment-21058 Matt Sat, 05 Jan 2008 18:36:15 +0000 http://www.mandladventures.com/2008/01/03/more-secure-openid/#comment-21058 Thanks for the comment Aswath. What you described is a good and easy way to avoid OpenID phishing attempts. Thanks for sharing your knowledge. Thanks for the comment Aswath. What you described is a good and easy way to avoid OpenID phishing attempts. Thanks for sharing your knowledge.

]]> By: Aswath http://www.mandladventures.com/2008/01/03/more-secure-openid/comment-page-1/#comment-21056 Aswath Sat, 05 Jan 2008 16:54:24 +0000 http://www.mandladventures.com/2008/01/03/more-secure-openid/#comment-21056 One way to avoid phishing attempts is to use the tab feature available in many browsers. Before using OpenID in a site, open a new tab, log into your OpenID provider and leave the tab open. Then you can use OpenID from any other tab in the same window. A conforming site will not redirect you to your provider's login screen. This eliminates any phishing opportunity. One way to avoid phishing attempts is to use the tab feature available in many browsers. Before using OpenID in a site, open a new tab, log into your OpenID provider and leave the tab open. Then you can use OpenID from any other tab in the same window. A conforming site will not redirect you to your provider’s login screen. This eliminates any phishing opportunity.

]]>