@ Rain In the face

I don’t think yahoo offering has much importance. Anyway they are an ailing company. If Microsoft acquires it things will become worse that it. Both the companies give least importance to security. And personally I am not going to use Yahoo OpenID for my authentication needs.

you know what happened with Bangalore Weekend shoots (http://flickr.com/groups/bangaloreweekendshoots/ )

we had support tickets raised, cried out for help in the forums (http://flickr.com/help/forum/en-us/64948/) but nothing happened. I don’t want to use such a company’s offerings.

@ vanchi,

even I had the same concerns but i think in the case of OpenID we have better control over our online security. If one of the OpenID providers are compromised we can switch to another one and keep our id, in my case http://freebird.in intact.

Use features like safe sign in, never say “Allow for ever” etc will definitely improve your security

@ pravi,

service cracking is still possible. Its all over the place. For the recent example go to the links i had give above. I am not sure how the attack happened but it may be because of Yahoo’s BBAuth’s bugs, flickr API’s bugs or even a password theft.

In today’s scenario the the most important scenario is the social networking attacks than a breaking in attack. We sign up into n number of different services with different UID combinations and I don’t think we are able to keep strong passwords for all. In short the best solution is to go for a secure, manageable authentication mechanism independent of the service providers. OpenID do have its holes, but it will stabilize in the times to come.