archGFX » OpenID

OpenID PSA

adam — Thu, 20 Mar 2008 16:48:38 +0000

I've re-enabled the WP-OpenID plugin, despite problems Trent experienced with previous versions. I'm not being deliberately cruel, honest. So make sure that you copy the body of your comment before hitting submit1 . If you have trouble commenting, 1) please submit a bug report to your OpenID provider, especially if that's wordpress.com 2) drop me a line, via the contact form. This has been inspired by recent discussions on WP-Hackers, if you're wondering. As an added bonus, if you comment with an OpenID, your comment will be whitelisted by Defensio.

This is always a good practice, no matter where you're commenting. I also copy the body of my posts before clicking publish.

Shame on me

adam — Mon, 12 Nov 2007 13:59:25 +0000

I've been lax in my personal security. Until last week, I only had 5 or so passwords. 1 for bank-grade security sites that required a strong password, 1 for physical computers, a few old ones, and the kicker, 1 for everything on the internet. Evidently I either signed up for something not so safe, or authenticated in plain text somewhere unsafe. Or my "everything password" wasn't that secure.

Either way, someone guessed, stole, or cracked their way to my paypal account, and bought a couple hundred dollars worth of shareware via SWReg.org. The funds came from a savings account so my first warning actually came from paypal, who placed restrictions on my account after the first couple login attempts failed.

I called up to report the fraudulent charges, and while the woman did helpfully explain that I could have done this all without taking my fingers off the keyboard, it was a good thing. Besides being incredibly nice to someone asking questions from the FAQ, She also gave me a little shpiel about their new security keys, and offered to send me one. Given my love of 1) free shit 2) security (present idiocy notwithstanding) 3) gadgets, I think you can guess my answer.

It's a VIP token, a pretty badass little toy. You push a button and it generates a 6-digit number that's good for 30 seconds or so, which you use when you sign into your paypal + ebay accounts. Not only that, but since it's made by verisign, you can add it to your PIP openID as well. Now, in addition to having changed all my internet passwords, I've got ridiculously strong security on anything that I sign into with OpenID. I'm using it for this site with openID+ v2.0(released friday), although the previous versions have been glitchy.

Unfortunately, I still haven't finished with paypal yet. I have a premier account, which at some point required a land line. I no longer have a home phone, so they have to physically mail me something, to restore my account. That's just for the restrictions, though. They've already refunded the fraudulent charges.

WP.com as OpenID Provider

adam — Tue, 06 Mar 2007 13:23:17 +0000

oh, hell yeah. from the FAQ, no doubt in response to this idea. this is one step closer to making it feasable for me to only allow comments on archgfx that are openID authenticated. neither livejournal, technorati, or wp.com are the be all end all of providers (that wouldn't be the point), but it's getting close to a quorum.

downhill orgy

adam — Wed, 07 Feb 2007 16:33:25 +0000

so, let me get this straight, ozzfest announces that they're fighting rising ticket prices by making theirs free, apple attempts to shame the music industry by coming out against DRM, and microsoft becomes one of the biggest proponents of OpenID. i must be dreaming. this is too good.