Tuesday, February 20, 2007

Is OpenID safe?

Imagine not having to remember different passwords for the numerous services you access over the Internet. Is it safe to use the same password every time? If the password is compromised once, is your life open to attack?

OpenID, unlike many older identification systems such as Microsoft's Passport, is a decentralised identification system. It lets individuals use a single password for any site that supports it. Its specifications are created by an online community and are freely available for software makers to build into their applications. AOL has now joined Microsoft in their support of OpenID and in doing so has given the free identification scheme 63 million new users.

Instead of a username and password stored in a central location, OpenID treats a web address like a username. Applications that use OpenID check user details against the ones at the provided address.

Though OpenID does provide some security benefits, it is not inherently more secure. The standard does not specify how an OpenID server checks that a user is who they claim to be. Even if it is backed by the big service providers, that doesn’t mean it is safe. Personally I would rather continue to write copious notes with secretive passwords which I hope I can remember.