Code Spatter

There are a lot of phishing vulnerabilities with OpenID: see http://marcoslot.net/apps/openid/ if you haven’t. One awesome solution I’ve come across is using https://pip.verisignlabs.com/ as your OpenID provider and using their security key.

PayPal uses the security key also (and sells it for much cheaper). They send you a small device that fits on your key chain that has a token that is updated every thirty seconds. This adds an extra layer of security to your login and will help protect your accounts from unauthorized users.

The same device can be used in multiple places like PayPal, eBay, and VeriSign’s OpenID provider. When you use it for your VeriSign OpenID you add that additional layer of security to all places you use that OpenID.

To learn more about the security key, check this out https://idprotect.verisign.com/learnmoretoken.v

When logged in to PayPal, go to this link
https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/PPSecurityKey to order the security key for $5.

When the device arrives, log in to your VeriSign provider and go to https://pip.verisignlabs.com/managevipcred.do to add it to your VeriSign OpenID.

Since the URI given by them is quite long, it might be useful to use a website to shorten that to a smaller id. Signing in to tinyid.us will create a user on that site that will redirect to your other OpenID.

Related posts:

1. OpenID vs OAuth  After attending the recent BarCamp, I realized how much talent the Orlando community has. Central Florida seems to be booming...
2. OpenID Enabled  If you haven’t stumbled upon any sites that use OpenID yet, I’ll fill you in on why you might be...
3. CyTE g9 Released  CyTE g9 is now available for download. See http://cyte.googlecode.com for all versions. Miscellaneous Changes Added the include_files function to the...