[OpenID] OpenID and SSO

SitG Admin sysadmin at shadowsinthegarden.com
Sat Jun 28 03:28:06 UTC 2008


>once you're inside you tend to have access to it all.

As a matter of policy, the passwords that have the greatest need to 
be secure ought to be more difficult to remember - they can't be 
written down or frequently used (the latter nullifies this and the 
latter weakens it). As a general principle, any password that 
requires you to sit there for a few minutes just to figure out what 
it was has greater security.

The same could apply to other areas. Take the physical token you 
carry around with you all the time, versus the one that is locked up 
in the vault at a local bank - someone mugs you for the everyday 
token and doesn't get the ability to make any severe changes.

-Shade


