
More on VeriSign PIP OpenID

September 1st, 2007

Filed under: OpenID, security — mike hall @ 6:48 am

Yesterday, I talked about using a VeriSign security token with your VeriSign PIP OpenID. I kinda glossed over the fact that you can use the PayPal Security Key. And that is actually a big deal…

PayPal Security Key

You want, nay… you need a PayPal Security Key and here’s why:

1. The PayPal Security Key is only $5 compared to the $30 for the VeriSign Keychain Token. (Note: The two photos aren’t to the same scale. The tokens are actually the same size.)

2. The PayPal Security Key makes use of VeriSign’s backend, so it’s just as secure as VeriSign’s own VeriSign Keychain Token. (PayPal’s security token is in actuality just a rebranded VeriSign security token.)

3. The VeriSign Keychain Token can only be used with VeriSign PIP. The PayPal Security Key can be used with PayPal, eBay, and VeriSign PIP. That doesn’t mean that PayPal and eBay support OpenID; that simply means that you need to enter the number displayed on the screen in addition to your PayPal/eBay username and password when logging in.

VeriSign PIP

When VeriSign developed their PIP framework, they did it right:

1. You’re forced to use SSL when accessing their site:

Even if you go to http://pip.verisignlabs.com/, you’ll be redirected to the secure, certificate-fied https://pip.verisignlabs.com/.

2. It makes use of a site key by showing your personal icon. Not that site keys are that great, since they can still succumb to man-in-the-middle attacks, but they’re better than nothing.

3. It maintains and displays logs of your security token usage. You can see them by clicking on the My Activities link on the right panel.

And these three things are all good to have. You need that much more security for your OpenID identity since OpenID is meant to be used on multiple websites. And since multiple websites will potentially have the same OpenID for you, it needs to be kept that much more safe and secure.
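A way to check the forced-SSL behaviour from item 1 against a recorded redirect chain, as an added example that is not part of the original post. The function name `audit_https_upgrade`, the cookie checks (which go beyond what the post describes) and both sample chains are assumptions; the headers are constructed, not captured from pip.verisignlabs.com.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def audit_https_upgrade(hops):
    """Audit a recorded redirect chain for a correct forced-HTTPS upgrade.

    hops: list of (request_url, status, headers) in request order, where
    headers is a list of (name, value) pairs. Returns a list of findings;
    an empty list means the chain upgrades cleanly.
    """
    findings = []
    for url, status, headers in hops:
        parts = urlsplit(url)
        hdrs = [(k.lower(), v) for k, v in headers]
        cookies = [v for k, v in hdrs if k == "set-cookie"]
        if parts.scheme == "http":
            location = next((v for k, v in hdrs if k == "location"), None)
            if status not in REDIRECT_CODES or location is None:
                findings.append(f"{url}: served over plain HTTP, no redirect")
                continue
            # Resolve relative Location values against the request URL.
            target = urlsplit(urljoin(url, location))
            if target.scheme != "https":
                findings.append(f"{url}: redirect target is not https")
            if target.hostname != parts.hostname:
                findings.append(f"{url}: redirect leaves host {parts.hostname}")
            # Anything set on the plaintext hop is visible on the network.
            if cookies:
                findings.append(f"{url}: cookie set on the plaintext hop")
        elif parts.scheme == "https":
            for cookie in cookies:
                attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
                if "secure" not in attrs:
                    findings.append(f"{url}: cookie without Secure attribute")
    return findings

# Constructed sample chains (not captured traffic).
GOOD_CHAIN = [
    ("http://pip.verisignlabs.com/", 301,
     [("Location", "https://pip.verisignlabs.com/")]),
    ("https://pip.verisignlabs.com/", 200,
     [("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly")]),
]
BAD_CHAIN = [  # hypothetical site that redirects but never leaves HTTP
    ("http://login.example.test/", 302,
     [("Location", "/signin"), ("Set-Cookie", "session=abc123; Path=/")]),
    ("http://login.example.test/signin", 200, []),
]
```
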

[Update] You can also have multiple OpenIDs in the same VeriSign PiP account which I just recently found out about.

SeatBelt
VeriSign also has a new Firefox plug-in called SeatBelt that detects your VeriSign OpenID login status and asks you if you want to log in if it detects that you just went to a page asking for your OpenID.

You can’t add much more convenience than that without sacrificing security.

4 Comments »

  1. Very cool!

    That’s great advice to buy a PayPal security key instead of a Verisign one.

    I know that OpenID is gaining popularity, but I’m curious - how often do you find yourself using it? So far I haven’t used it much at all.
    Okay never, really. :)

    Comment by Aaron Lerch
    September 1, 2007 @ 3:13 pm

  2. I have used it on your blog :) I have used it on jyte. If I was on LiveJournal instead of WordPress I would use it there too… alas I’m not on LiveJournal. So yeah, it is true; I don’t get to use it as much as I would like…

    However, OpenID is currently in the chicken or the egg causality dilemma. No one supports OpenID because no one is using OpenID because no one supports OpenID. This is just my attempt to jumpstart an underused but great technology. ;)

    Comment by mike
    September 2, 2007 @ 2:52 am

  3. I did notice just today (just after I left my comment, incidentally) that dzone.com uses openid too.

    Comment by Aaron Lerch
    September 2, 2007 @ 5:14 am

  4. […] 2007 So I recently had a support experience with VeriSign’s PiP provider that I’ve been talking a lot about. Here’s the story (in all its gory […]

    Pingback by VeriSign PiP support « i like ellipses…
    September 4, 2007 @ 1:41 pm


Creative Commons License This work is licensed under a Creative Commons Attribution 3.0 United States License.


Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.