Is open id secure?

security openid

OpenID is as secure as the OpenID provider (i.e. "If someone breaks into your Myspace account they've got access to your OpenID & everything that uses it").

Personally I wouldn't trust it with anything valuable. Most of the OpenID providers have a pretty lousy security track record.


While I agree with voretaq7 that OpenID is only as secure as the OpenID provider, I would have to say that when selecting an OpenID provider to use, care must be taken to ensure that you are using a reputable provider. This same idea applies to everything having to do with security. Google, AOL, and I think even Verisign now offer OpenIDs and these companies / providers do have a good track record.

One of the major advantages of OpenID over home-grown security or some other third-party package is that it puts the authentication aspect of security in the hands of companies with more experience and more resources to handle it than most smaller entities have. They tend to have a better ability to protect their servers and data. As an employee of a small shop, I would certainly trust Google more than myself to correctly configure the servers, firewalls, etc necessary to protect this data.

However, OpenID is just as vulnerable to the most dangerous aspect of all -- the users who pick weak credentials.

Related

How long do managed gigabit ethernet switches take to boot up?
Remote Desktop specify the monitor to open on
Rent a build environment [closed]
Several IP address within the same subnet on the same host
LVM spanning over multiple disks: What disk is a file on? Can I lose a drive without total loss?
Restart mysql replication after sql_error
How can I automate clearing and resetting a Linux user's home directory to a default?
Does this SQL Server license seem legit?
ZFS Pool with Different Drive Sizes
php5-fpm: bash script to check config before restart
Cut network cables in Cisco 2960 PoE
Is there any reason to backup Active Directory if you have more than one domain controller?