openid.ui.mode for embedded devices

Allen Tom atom at
Thu Feb 18 17:49:17 UTC 2010

Hi Hitoshi -

Some sites require users to enter both a password and a 1 time use token
(like a SecurID/RSA/VeriSign token) or a short code that's sent to the
user's cell phone.

Additionally, some sites authenticate users with a client side cert or using
Information Card. 


On 2/18/10 8:09 AM, "Hitoshi Uchida" <hitoshi.uchida at> wrote:

> Hi Allen,
> Thank you for your comment.
>> Although users generally authenticate with their OpenID Provider using a
>> username/password, the OpenID spec does not require users to have passwords.
>> OpenID currently requires users to have browsers so that users can
>> authenticate using other methods besides a password.
> I think, for instance, you mean a use case using PAPE because OP may
> use CAPTCHA to authenticate the user in addition to username/password.
> And also,  web browser would be needed for rich user interface for
> login page.
> However, concerning other method besides a password you mentioned, I
> think almost of 'real' OP actually authenticate users by using only
> username/password.

More information about the user-experience mailing list