Weakest Link Syndrome & Digital Identities

By chris
I discovered an article on OpenID.net titled Sony's Weakest Link Hijack.
After reading it, I thought it prudent to start a discussion of both the current state and the future of Digital Identity (DI) logins and Internet Login Standards.

I consider this a very dangerous threat for the future, given the expanding number of online accounts for even the below-average internet user, and the integration of applications and account access from someone's desktop, laptop, tablet, smart phone, multimedia television system, automobile, etc.

I personally have over 70 different accounts and memberships online, including banking, credit cards, utilities & services, email accounts, digital storage, club & organization memberships, tech forums, etc., each with their own usernames & passwords.

I have used a few of the many DI login options: Google, Yahoo & OpenID (through openid.net).
Just for sport, I did a test signup for an openid through a site called openid.org, using a disposable username and password, authenticating the new account via a disposable email address.
The email they sent me contained both my username and password in plain text!!! That's what I call an OpenID! I promptly deleted the account.

I would prefer to use a single DI login (ID/Password combo) for as many sites as possible if I could.

Pros:
1) only 1 username to keep and remember
2) only 1 password to remember or change periodically
3) no password storage application or plugin that only works on certain browsers/OSes
4) avoids the asinine site logins that limit your password to no more than 10 characters, or don't allow non-alphanumeric characters
5) avoids the issue of "Sorry, that username is already in use."

Cons:
1) if someone guesses or hacks your single DI login, they have the keys to your kingdom
2) sites that don't use a standard will need a separate DI login, and would certainly need to be different from your master DI combo, for security
3) if the host of your DI goes out of business, you might have to start all over

Any thoughts on this issue or future best practices?
