[Marketing] Bullet points in the OpenID core message...
=drummond.reed
drummond.reed at cordance.net
Mon Jul 2 22:32:34 UTC 2007
I heard this point made several times at Catalyst last week -- that any site
with an email-based password recovery feature is already trusting email
service providers to uphold the site's security. It's not a perfect
apples-to-apples comparison, but it's close enough that it should give sites
who are reluctant to install OpenID for security reasons justification as to
why they should do it sooner rather than later.
=Drummond
-----Original Message-----
From: marketing-bounces at openid.net [mailto:marketing-bounces at openid.net] On
Behalf Of Mark Atwood
Sent: Monday, July 02, 2007 12:27 PM
To: OpenID marketing
Subject: Re: [Marketing] Bullet points in the OpenID core message...
"Bill Washburn" <bill at oidf.org> writes:
>
> Can OpenID hurry up
> already?<http://www.somebits.com/weblog/tech/bad/user-ids.html>
> willing to trust a big company like Yahoo, Microsoft, Google, even
> my ISP to maintain my identity. Can we do it now please?
Another OpenID advocate I talked about this with last weekend
pointed out to me that a common pushback he got was "we dont
want to trust some random outfit with our users's identity".
He pointed out that if you have a "I forgot my password, please
email me a new one" button, you are already trusting some
random outfit with your users identity, you're trusting his
email provider.
"Please email me a new password" has pretty much the same security
profile as OpenID, it's just slower and with a worse user experience.
--
Mark Atwood When you do things right, people won't be sure
me at mark.atwood.name you've done anything at all.
http://mark.atwood.name/ http://fallenpegasus.livejournal.com/
_______________________________________________
marketing mailing list
marketing at openid.net
http://openid.net/mailman/listinfo/marketing
More information about the marketing
mailing list