LinkedIn password database compromised

Christopher Morrow morrowc.lists at gmail.com
Thu Jun 7 17:09:48 UTC 2012


On Thu, Jun 7, 2012 at 1:03 PM, Randy Bush <randy at psg.com> wrote:
> hi etaoin,
>
>> I still don't want single sign on.  Not anywhere.
>
> i believe that 'single sign on' is a bad deal and dangerous for all, not
> just we geeks.  essentially it means that the 'identiry provider' owns
> your identity.  i love that they call themselves 'identity providers'
> when it is MY fracking identity and they are reselling it.

so... now that this can is open, has anyone looked at:
  <http://www.oneid.com/>

they seem to have some interesting options for better authentication.

> the 'single sign on' i encourage for the end using human beings i
> support is 1password and its ilk.  it provides the user with one sign-on
> yet strongly encourages separation of identities and strong passwords
> for sites.

the oneid people would say: "it is still a shared secret"

-chris




More information about the NANOG mailing list