Chris Messina (Admin, OpenID)

My feedback

  1. 3 votes
    1 comment  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    I need more information to help.

    What OpenID are you trying to use?

    Where are you trying to use it?

  2. 4 votes
    2 comments  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    OpenID isn't just about passwords. It's about identity.

    Unless you're one of those rare people that actually uses a different password on every site you visit, the more you use the same password across the web, the more surface area you're creating that could be used to get your credentials.

    That is, if you use the same password, or switch between 2-3 passwords, across every site you sign up for, any one of those sites could be hacked or misconfigured, compromising your password. Now if you want to change your password on all those other sites, you have to remember where you've used that password and visit each one individually.

    With OpenID, you centrally manage your account and can change your password or add additional security features to keep your account safe.

    OpenID may be more confusing today, but in the future when every site requires some form of identification, having to manage fewer credentials will be extremely convenient.

  3. 9 votes
    1 comment  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    While the idea of consolidating your accounts is desirable, putting it into practice is much harder in reality.

    Over time, if more sites adopt OpenID, then you should be able to associate your preferred OpenID with these existing accounts and use them somewhat interchangeably — but that's a long way off given the direction of the industry.

    Thanks for your feedback.

  4. 1 vote
    2 comments  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    Do you not already have an account with one of the providers listed?

  5. 1 vote
    1 comment  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    Thanks for this idea. It's actually similar to services like:

    http://hi.im
    http://dandyid.org
    http://flavors.me

    ...And even Google Profiles.

    Only Google (and perhaps DandyID) currently allow you to use your accounts with these services as OpenIDs, but I believe Flavors.me will eventually enable that functionality.

    Cheers!

  6. 2 votes
    1 comment  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    It depends on your provider.

    In some cases, you need to enable this functionality (i.e. Yahoo); in others (Google) your account is automatically enabled as an OpenID.

  7. 15 votes
    3 comments  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    This does not currently exist, but is a good idea. Thanks for sharing!

  8. 13 votes
    3 comments  ·  Security
    Chris Messina (Admin, OpenID) commented

    Thanks for your questions. Replies:

    1. When entering your OpenID into a box, you should NEVER enter your password. ONLY provide your password to your OpenID provider, and always check the URL bar to make sure that you've been correctly redirected to your OpenID provider.

    2. To prevent eavesdropping, you should use SSL for your OpenID URL.

    3. You are correct. Your OpenID provider will know every place that you sign in to, just like your credit card provider knows about every purchase you make with your credit card. This is a feature, actually, and is why it's important to choose your OpenID provider carefully. Don't use an OpenID provider that you don't trust with this kind of information, just like you wouldn't use a credit card from a company or organization that you don't trust.

    Please note that OpenID is only a protocol and technology, not a service.

    For technical information about how OpenID works, you can read the specifications:

    http://openid.net/developers/specs/

  9. 5 votes
    1 comment  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    I looked at your site but couldn't find the specs for how pURLid works.

    Could you please provide a link to the specs? Thanks!

  10. 18 votes
    2 comments  ·  Security
    Chris Messina (Admin, OpenID) commented

    Your OpenID account is as secure as your OpenID provider wants to make it. That is, with OpenID you can add additional security features like one-time passwords or SMS codes so that you need more than just your password to access your account.

    Also consider that a malicious individual would also only need to break into your email account to reset many of your other passwords or take over your account. OpenID potentially improves your security situation by reducing the number of sites that have access to your password.

  11. 1 vote
    1 comment  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    Take a look at http://openiddirectory.com/

    It's basic, but a good start.

  12. 24 votes
    5 comments  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    Sounds like a bug... or maybe you're viewing on a small screen?

  13. 6 votes
    1 comment  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    Well, it's not that simple of a problem, and has been raised on the mailing list.

    For example, if Google is your OpenID provider and you sign out of Google, should you also be signed out of YouTube (for just one example)? Some people may want that; others may not.

    It's also a lot harder to push a notification that the "user signed out" to other sites and make sure that the process completes successfully... For example, you know if your login attempt worked because you're either logged in to the immediate site you're on or you're not. If you're signed in to 10 sites, do you really want to visit each site to confirm? Or worse, *wait* for each site to return a message that confirms that you've signed out?

    It isn't that this isn't a valid idea — it's one that has been discussed at length:

    https://wiki.openid.net/f/OpenID%20Logout.pdf

    It's just that implementing it is not only not part of the current OpenID protocol, but it's also something that has a difficult user experience to get right.

  14. 3 votes
    2 comments  ·  Security
    Chris Messina (Admin, OpenID) commented

    Actually, that's not how OpenID works.

    Even if someone knows your OpenID, they would still need to sign in to your OpenID provider with your password.

    Even when you tell your provider to use the "always allow" feature, the site you're signing into still MUST ask your provider if you're still signed in. Therefore, knowing your OpenID is not enough to sign in as you.

  15. 1 vote
    1 comment  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    What do you want to reverse?

  16. 3 votes
    1 comment  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    Done.

  17. 2 votes
    1 comment  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    Did you read this page?

    http://openid.net/get-an-openid/

  18. 3 votes
    1 comment  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    It depends on what you want to do. If you want to add OpenID to your project and don't want to read the specification, you should use an existing library:

    http://wiki.openid.net/Libraries

  19. 1 vote
    1 comment  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    What don't you understand about it?

    I suppose it definitely could stand a re-write, but specific feedback would help!

  20. 10 votes
    3 comments  ·  Ideas
    Chris Messina (Admin, OpenID) commented

    This might be worth contributing to:

    http://code.google.com/p/openid-test/
