What Are You Guys Using For OpenID?

I’m only using it to log into a small Magnolia bookmark group that stores and shares Risk Management articles.

I can see using it more in the future, but only for the dozens of non-sensitive sites that make me login (fantasy baseball, photo sharing and the like) and not something where the loss to me might be greater (paypal, online banking).

One of the issues I have with it is that I can’t think of an OpenID provider that has done a good job of assuring me as to their ability to reduce the risk to me. The selling point I’ve seen from providers is convenience, not security. OpenID providers need to assure me of both.

I am waiting on one of two things to happen; either dslreports or Google enables accounts to be OpenIDs. Justin has said it’s not high on his priority list, but it is on his to-do list. I don’t know what Google’s plans are. You can post on blogger comments with OpenID, but it doesn’t appear you can use your Google ID as an OpenID yet.

I’m using PIP from VerisignLabs, linked with a hard token (same token that is used with the Paypal and eBay websites). I use my domain name as the endpoint.

I think the idea is good, but the implementation by the enabled sites is goofy. Take CNN for example. You first have to open a free account with them, then link your OpenID to that account, then you can log in with OpenID. Defeats the purpose IMHO.

I like using it for blog commenting though. Comment and go without registration.

The biggest theoretical issue I have is that if my domain name lapses and someone else throws up their own OpenID endpoint in it’s place, then that person can log in as me on the pages that I’ve previously authorized. Like the other commenter said, this would be bad if sites like PayPal or my bank were accepting OpenID…

The PASP enhancements look promising.