I'm not saying OpenID is more convenient and has benefits... I was just saying there are conventions to make passwords unique per-site.
So if you don't mind getting past the single point of 0wnership, then OpenID is good to go. Me, I don't trust technology. On Mon, Mar 24, 2008 at 10:27 AM, Petko D. Petkov < [EMAIL PROTECTED]> wrote: > as I said, some websites ask you for a username regardless whether > that will be an email address. and unfortunately a username is not > unique through out the Web. which means that if your username is > john-bambenek on one system it could be completely different on > another system due the fact that some vendors don't like the "-" or > they don't like the length or they ask you to have a number in the > username or even they provide you with such. So keeping track of > usernames is as hard as keeping track of passwords. Put them all > together and then you will experience the pain. > > On the other hand OpenID provides you with a unique ID. Only you can > use it on every system without the need to worry. > > On Mon, Mar 24, 2008 at 3:22 PM, John C. A. Bambenek, GCIH, CISSP > <[EMAIL PROTECTED]> wrote: > > Well in my case it's easy... how many people do you know named John > Bambenek > > (my father doesn't count)? :) > > > > I was just speaking about passwords in that case, presumably people can > > remember their email addresses. > > > > > > > > On Mon, Mar 24, 2008 at 10:17 AM, Petko D. Petkov > > <[EMAIL PROTECTED]> wrote: > > > what about usernames? you still need to keep track of your usernames > > > since sometimes your preferred username is either taken or not > > > possible or you need to login via email or any other peculiarity the > > > site supports. > > > > > > > > > > > > > > > On Mon, Mar 24, 2008 at 2:43 PM, John C. A. Bambenek, GCIH, CISSP > > > <[EMAIL PROTECTED]> wrote: > > > > I would disagree. One could simply create a template password and > then > > salt > > > > it with some acronym for the site in question. > > > > > > > > For instance, S0m3p4ss!### where ### is a 3-letter acronym for the > site > > they > > > > are accessing. Still need only one password to remember and you > don't > > > > necessarily have a single point of 0wnership anymore. > > > > > > > > > > > > > > > > On Sun, Mar 23, 2008 at 7:04 PM, Larry Seltzer < > [EMAIL PROTECTED]> > > > > wrote: > > > > > > > > > > >>I understand the attractiveness of not having to remember lots > of > > IDs > > > > > and passwords, but when you give up control of your data, you give > up > > > > > control of your future. > > > > > > > > > > Normal people aren't going to remember enough passwords, let alone > > > > > strong passwords, to make that control meaningful. I do get your > > point, > > > > > but I bet that the best alternative is to give them one set of > > > > > credentials and make it as strong as possible. > > > > > > > > > > > > > > > Larry Seltzer > > > > > eWEEK.com Security Center Editor > > > > > http://security.eweek.com/ > > > > > http://blogs.pcmag.com/securitywatch/ > > > > > Contributing Editor, PC Magazine > > > > > [EMAIL PROTECTED] > > > > > > > > > > _______________________________________________ > > > > > > > > > > > > > > > > > > > > Full-Disclosure - We believe in it. > > > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > > > > > > > > > > > _______________________________________________ > > > > Full-Disclosure - We believe in it. > > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Petko D. (pdp) Petkov | GNUCITIZEN | Hakiri | Spin Hunters > > > > > > gnucitizen.org | hakiri.org | spinhunters.org > > > > > > > > > > > -- > > Petko D. (pdp) Petkov | GNUCITIZEN | Hakiri | Spin Hunters > > gnucitizen.org | hakiri.org | spinhunters.org >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/