
Saying it loud -- OpenID leads to phishing

Kim Cameron not only admits what Ben Laurie has said here, here, and here, but he says it succinctly:

OpenID provides convenience and power but suffers the problem of all the Single Sign On technologies - the more it succeeds, the more dramatically phishable it will become.

There you have it.

It has long been a joke about crusty states such as Idaho, Oregon, New Hampshire, or New Jersey that they have signs at the border that read, "Welcome to , now go home."

As a Mac user, I am often asked by people if they should switch to a Mac because it's more secure. My response to them is that the only reason a Mac is more secure than a PC is because it's only people like me who use them.

As soon as hordes of people start using them, then they will no longer be as secure.

I like not knowing the details of anti-virus programs. I like not bothering even to run the built-in firewall. So, no, I don't think you should switch to a Mac because it's more secure. I think you should just update your virus files every week.

Besides, Macs are much more expensive than you can afford. Really. Have you heard about Ubuntu? It's Open Source! (Cue sounds of angels singing.) People tell me it's really nice. And I hate Leopard.

Despite all of these being true statements, this technique does not work as well as I would like. I think I need to take a presentation skills class.

OpenID is similar in that it's a safe neighborhood because people like me don't go there. Once enough people like me start going there, it's not going to be secure. I am reminded of comments by each of Groucho Marx and Yogi Berra.

I am happy to help keep OpenID secure by not using it. I've already written about what I think is better.

What I find amusing about Cameron's epiphany is his solution for the problem. He thinks that OpenID should become part of InfoCardSpace, and thus shipped with Windows.

There's a joke that begs to be made here, oh, how it begs. It is rim-shot worthy, so I'll not make it. I'll merely point out that if you want to get CardSpace, you have to get Vista. Ba-dum-dump.

I am again using the photo "Trunk 'n Branches" by slightly-less-random because it is the only image in Flickr that comes back from the search of "cardspace phishing" and one of two for "openid phishing".