There have been a lot of great discussions over the past week around phishing as it relates to OpenID and other protocols like Google's AuthSub, PayPal's "buy it now" buttons, OAuth, etc. Really, any protocol where you're directed back to your provider to authorize data sharing suffers from this potential problem. I wanted to point you to a post from Vidoop talking about how their image grid protects MyVidoop users from these attacks, and then VeriSign describing how their provider protects you as well in PiP and the "Fun" Test. How many of the Web 2.0 services you log in to on a daily basis talk about password security to this degree?

OpenID really excites me because great security minds are able to innovate on top of it and then push their solutions to tens of thousands of websites at once! Gone are the days of only companies the size of Microsoft being able to push out new desktop-to-web authentication technologies.



May. 31st, 2008 06:22 pm (UTC)
Yahoo Anti-Phishing Sign-in Seal
Yahoo allows users to customize their Yahoo Login Screen so that users can recognize their customized login screen. Phishers are not able to display the customizations.

More information about Yahoo's Anti-Phishing Sign-in Seal is here: https://protect.login.yahoo.com/

Jun. 3rd, 2008 09:08 am (UTC)
multifactor "something you have" authentication
I'm authenticating to this comment using a Yubikey One-Time-Password system from the provider at http://openid.yubico.com, which renders any phishing attempt useless :)
