May 27, 2008

Stefan Brands has quite a list of issues with OpenID. I would think that the nature of Yubikey could solve some of the phishing issues. Since the password changes every time, capturing the password gives the bad guy one free login, but doesn’t hand off the keys to the kingdom. The privacy and web activity tracking issues won’t be solved this way. Running your own OpenID server on an SSL-protected domain would help a lot, but not everybody can afford (financially or technically) to do that. Stefan points out a lot more issues that have made me reconsider OpenID and whether it is the right idea.
