I propose ...

A kind of "history log" of where an OpenID is used

Dear OpenId,

How safe is OpenID? It seems to me that having one ID for everything is a big vulnerability issue.

For example, Person X can figure out the ID and password to a Person Y's OpenID account, giving Person X the ability to go through all of Person Y's websites.

Does OpenID have any way of contacting a person if someone's been on their account? I suggest that OpenID should give users a detailed account to where his or her OpenID is being used.

18 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    anonymousanonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Chris MessinaAdminChris Messina (Admin, OpenID) commented  ·   ·  Flag as inappropriate

        Your OpenID account is as secure as your OpenID provider wants to make it. That is, with OpenID you can add additional security features like one-time passwords or SMS codes so that you need more than just your password to access your account.

        Also consider that a malicious individual would also only need to break into your email account to reset many of your other passwords or take over your account. OpenID potentially improves your security situation by reducing the number of sites that have access to your password.

      Feedback and Knowledge Base