[security] OpenID for High Security?

Phil Kulak pkulak at gmail.com
Tue Feb 20 15:06:47 PST 2007


I've started a new project and integrated an OpenID sign-on into it
along with normal registration. The only issue I have is that this
project requires more security than something like a blog and I'm
wondering if it's appropriate to allow people to use OpenID to access
the system. My concern is that a user who doesn't know what they are
doing can sign up with an identity provider who is not as secure as I
would like. Of course, the user can also write down their password on
a sticky note if they use the standard login. Does anyone have any
experience with this? Thanks!

