Chris MessinaAdminChris Messina (Admin, OpenID)

My feedback

  1. 3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
      Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

      I need more information to help.

      What OpenID are you trying to use?

      Where are you trying to use it?

    • 4 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        2 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
        Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

        OpenID isn't just about passwords. It's about identity.

        Unless you're one of those rare people that actually uses a different password on every site you visit, the more you use the same password across the web, the more surface area you're creating that could be used to get your credentials.

        That is, if you use the same password, or switch between 2-3 passwords, across every site you sign up for, any one of those sites could be hacked or misconfigured, compromising your password. Now if you want to change your password on all those other sites, you have to remember where you've used that password and visit each one individually.

        With OpenID, you centrally manage your account and can change your password or add additional security features to keep your account safe.

        OpenID may be more confusing today, but in the future when every site requires some form of identification, having to manage fewer credentials will be extremely convenient.

      • 9 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
          Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

          While the idea of consolidating your accounts is desirable, putting it into practice is much harder in reality.

          Over time, if more sites adopt OpenID, then you should be able to associate your preferred OpenID with these existing accounts and use them somewhat interchangeably — but that's a long way off given the direction of the industry.

          Thanks for your feedback.

        • 1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            2 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
            Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

            Do you not already have an account with one of the providers listed?

          • 1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
              Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

              Thanks for this idea. It's actually similar to services like:

              http://hi.im
              http://dandyid.org
              http://flavors.me

              ...And even Google Profiles.

              Only Google (and perhaps DandyID) currently allow you use your accounts with these services as OpenIDs, but I believe Flavors.me will eventually enable that functionality.

              Cheers!

            • 2 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                It depends on your provider.

                In some cases, you need to enable this functionality (i.e. Yahoo); in others (Google) your account is automatically enabled as an OpenID.

              • 15 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  3 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                  Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                  This does not currently exist, but is a good idea. Thanks for sharing!

                • 13 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                    Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                    Thanks for your questions. Replies:

                    1. When entering your OpenID into a box, you should NEVER enter your password. ONLY provide your password to your OpenID provider, and always check the URL bar to make sure that you've been correctly redirected to your OpenID provider.

                    2. To prevent eaves-dropping, you should use SSL for your OpenID URL.

                    3. You are correct. Your OpenID provider will know ever place that sign in to, just like your credit card provider knows about every purchase you make with your credit card. This is a feature, actually, and is why it's important to choose your OpenID provider carefully. Don't use an OpenID provider that you don't trust with this kind of information, just like you wouldn't use a credit card from a company or organization that you don't trust.

                    Please note that OpenID is only a protocol and technology, not a service.

                    For technical information about how OpenID works, you can read the specifications:

                    http://openid.net/developers/specs/

                  • 5 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                      Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                      I looked at your site but couldn't find the specs for how pURLid works.

                      Could you please provide a link to the specs? Thanks!

                    • 18 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                        Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                        Your OpenID account is as secure as your OpenID provider wants to make it. That is, with OpenID you can add additional security features like one-time passwords or SMS codes so that you need more than just your password to access your account.

                        Also consider that a malicious individual would also only need to break into your email account to reset many of your other passwords or take over your account. OpenID potentially improves your security situation by reducing the number of sites that have access to your password.

                      • 1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                          Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                          Take a look at http://openiddirectory.com/

                          It's basic, but a good start.

                        • 24 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            5 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                            Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                            Sounds like a bug... or maybe you're viewing on a small screen?

                          • 6 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                              Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                              Well, it's not that simple of a problem, and has been raised on the mailing list.

                              For example, if Google is your OpenID provider and you sign out of Google, should you also be signed out of YouTube (for just one example)? Some people may want that; others may not.

                              It's also a lot harder to push a notification that the "user signed out" to other sites and make sure that the process completes successfully... For example, you know if your login attempt worked because you're either logged in to the immediate site you're on or you're not. If you're signed in to 10 sites, do you really want to visit each site to confirm? Or worse, *wait* for each site to return a message that confirms that you've signed out?

                              It isn't that this isn't a valid idea — it's one that has been discussed at length:

                              https://wiki.openid.net/f/OpenID%20Logout.pdf

                              It's just that implementing it is not only not part of the current OpenID protocol, but it's also something that has a difficult user experience to get right.

                            • 3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                Actually, that's not how OpenID works.

                                Even if someone knows your OpenID, they would still need to sign in to your OpenID provider with your password.

                                Even when you tell your provider to use the "always allow" feature, the site you're signing into still MUST ask your provider if you're still signed in. Therefore, knowing your OpenID is not enough to sign in as you.

                              • 1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                                  Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                  What do you want to reverse?

                                • 3 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                                    Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                    Done.

                                  • 2 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                                      Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                      Did you read this page?

                                      http://openid.net/get-an-openid/

                                    • 3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                                        Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                        It depends on what you want to do. If you want to add OpenID to your project and don't want to read the specification, you should use an existing library:

                                        http://wiki.openid.net/Libraries

                                      • 1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                                          Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                          What don't you understand about it?

                                          I suppose it definitely could stand a re-write, but specific feedback would help!

                                        • 10 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            3 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                                            Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                            This might be worth contributing to:

                                            http://code.google.com/p/openid-test/

                                          ← Previous 1 3

                                          Feedback and Knowledge Base