Here are the slides that we presented during the OpenID Summit. The basic premise was to identify the list of issues that have been mentioned in the past and classify them as
- Protocol Issues
- Browser / HTTP Issues
- Deployment Issues.
Breno (Google) had a follow-up session at IIW to address the protocol issues.
OpenID Protocol Issues
Michael Hanson (Mozilla) and Jeff had a session to address browser / HTTP issues. (Still trying to find notes from that session).
Since passwords aren’t going away for now, I asked a few people how they manage their passwords. Here are some responses:
- Write them on a paper / notepad and keep it in the drawer.
- Keep them in a Word/Excel spreadsheet and password-protect the file.
- Use client-based software (example: KeePass, PasswordSafe, 1Password).
- Use external password managers that plug into your PC (example: IDVault, IronKey) – to avoid the portability issue with the previous option.
- Use the browser ‘remember password’ feature.
- Use browser based password managers (example: Roboform, Sxipper, LastPass).
- Use the same password everywhere (hey…most convenient and SSO)
- Use the same password for a set of sites and mentally segregate them in various categories (e.g. work, home, finance).
- Use the same password everywhere but a different username.
- Use a personal algorithm (example: AbC<sitename>123). Easy to remember; portable; different for each site and results in a complex password.
- Use a passphrase (example: “I really love this blog” or a derivation “irltb”. Even better if the phrase is in a foreign language).
By the way, here are some good tips from Microsoft on creating passwords.