Saying it loud — OpenID leads to phishing
Kim Cameron not only admits what Ben Laurie has said here, here, and here, but he says it succinctly:
OpenID provides convenience and power but suffers the problem of all the Single Sign On technologies – the more it succeeds, the more dramatically phishable it will become.
There you have it.
It has long been a joke about crusty states such as Idaho, Oregon, New Hampshire, or New Jersey that they have signs at the border that read, “Welcome to <insert-name-here>, now go home.”
As a Mac user, I am often asked by someone if they should switch to a Mac because it’s more secure. My response to them is that the only reason a Mac is more secure than a PC is because it’s only people like me who use them. As soon as hordes of people start using them, then they will no longer be as secure. I like not knowing the details of anti-virus programs. I like not bothering even to run the built-in firewall. So, no, I don’t think you should switch to a Mac because it’s more secure. I think you should just update your virus files every week. Besides, Macs are much more expensive than you can afford. Really. Have you heard about Ubuntu? It’s Open Source! (Cue sounds of angels singing.) People tell me it’s really nice. And I hate Leopard.
Despite all of these being true statements, this technique does not work as well as I would like. I think I need to take a presentation skills class.
OpenID is similar in that it’s a safe neighborhood because people like me don’t go there. Once enough people like me start going there, it’s not going to be secure. I am reminded of comments by each of Groucho Marx and Yogi Berra.
I am happy to help keep OpenID secure by not using it. I’ve already written about what I think is better.
What I find amusing about Cameron’s epiphany is his solution for the problem. He thinks that OpenID should become part of InfoCardSpace, and thus shipped with Windows.
There’s a joke that begs to be made here, oh, how it begs. It is rim-shot worthy, so I’ll not make it. I’ll merely point out that if you want to get CardSpace, you have to get Vista. Ba-dum-dump.
I am again using the photo “Trunk ‘n Branches” by slightly-less-random because it is the only image in Flickr that comes back from the search of “cardspace phishing” and one of two for “openid phishing”.