Wednesday, February 27, 2008

Strong authentication for OpenID

I loved this one ...

I really like hardware cryptographic devices, and I feel that they add very strong security measures to the overall protection of data.

OpenID lets you log in at one site that you trust and then have the other sites you use and need to log in to (various community places, forums, commercial services) rely on that OpenID login. There's a bit of cryptography in OpenID, but not much.

The problem is with the OpenID login itself. Most OpenID providers (the sites that you trust and where you obtain your OpenID login credentials) use a username/password approach, which is far from being very secure.

TrustBearer lets you log in using your smartcard or USB token. If you don't have one, you can purchase one directly from them (and the price is very moderate, I must say).

Unfortunately my Aladdin eToken is not listed among the supported devices, and it didn't work. However, they have a good choice of supported devices, so if you decide to get one, you can choose from the listed ones. Also, I will test their service with other devices that we have here (by Entrust and Rainbow). I will then update this post.

BTW, our company provides support for cryptographic hardware in its SecureBlackbox product.
