Comments on: Estonia issuing Smart-cards for OpenID logins? http://blog.ironkey.com/?p=119 A blog by Dave Jevans Sun, 08 Aug 2010 18:07:39 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Martin Paljak http://blog.ironkey.com/?p=119&cpage=1#comment-6103 Martin Paljak Thu, 08 Jul 2010 11:28:48 +0000 http://blog.ironkey.com/?p=119#comment-6103 OT: I just received an ironkey (s200 personal), it would be nice if some of the identity functionality worked on Mac as wel. OT: I just received an ironkey (s200 personal), it would be nice if some of the identity functionality worked on Mac as wel.

]]> By: steve pepple http://blog.ironkey.com/?p=119&cpage=1#comment-1337 steve pepple Wed, 13 Feb 2008 17:00:40 +0000 http://blog.ironkey.com/?p=119#comment-1337 A combination of multi-factor authentication and OpenID is a good way to prevent many types of phishing attacks. I work with a team that is developing a beta implementation of strong authentication for OpenID using a number of different authentication devices, <a href="http://openid.trustbearer.com" rel="nofollow">TrustBearer OpenID</a>. We've found that this infinitely decreases the possibility of someone fraudulently accessing another persons' account. We've found some compelling ways to thwart phishing here, as well. We use a web browser add-on to manage the authentication process, and we actually check the validity of sites here. A user's private data also remain private during OpenID authentication. We've been concentrating on simple user experience at this point, and we are interested to learn what sort of features user will look for in this type of openID implementation. With our OpenID, you basically just set-up a strong authentication device and then link the device to your OpenID URL. A combination of multi-factor authentication and OpenID is a good way to prevent many types of phishing attacks.

I work with a team that is developing a beta implementation of strong authentication for OpenID using a number of different authentication devices,
TrustBearer OpenID.

We’ve found that this infinitely decreases the possibility of someone fraudulently accessing another persons’ account. We’ve found some compelling ways to thwart phishing here, as well. We use a web browser add-on to manage the authentication process, and we actually check the validity of sites here. A user’s private data also remain private during OpenID authentication.

We’ve been concentrating on simple user experience at this point,
and we are interested to learn what sort of features user will look
for in this type of openID implementation.

With our OpenID, you basically just set-up a strong authentication device
and then link the device to your OpenID URL.

]]> By: Carsten Pötter http://blog.ironkey.com/?p=119&cpage=1#comment-461 Carsten Pötter Sun, 27 May 2007 18:09:44 +0000 http://blog.ironkey.com/?p=119#comment-461 Small correction: I have claimed it in the title (in order to have a short one) but was more clear in the article. Small correction: I have claimed it in the title (in order to have a short one) but was more clear in the article.

]]> By: Carsten Pötter http://blog.ironkey.com/?p=119&cpage=1#comment-460 Carsten Pötter Sat, 26 May 2007 21:10:07 +0000 http://blog.ironkey.com/?p=119#comment-460 Surely I have had to realise that smart cards don't prevent phishing completely, but I have not claimed that every Estonian will have an OpenID. ;) Surely I have had to realise that smart cards don’t prevent phishing completely, but I have not claimed that every Estonian will have an OpenID. ;)

]]> By: Martin Paljak http://blog.ironkey.com/?p=119&cpage=1#comment-459 Martin Paljak Sat, 26 May 2007 20:50:32 +0000 http://blog.ironkey.com/?p=119#comment-459 And there are no smart cards *issed* for OpenID specifically - there is just a strong electronic identity infrastructure that allows such add-ons like OpenID authentication to be implemented. They just happen to use the strong authentication methods provided with the identity infrastructure already in place (that powers applications like secure online banking and secure online voting as well) And there are no smart cards *issed* for OpenID specifically – there is just a strong electronic identity infrastructure that allows such add-ons like OpenID authentication to be implemented. They just happen to use the strong authentication methods provided with the identity infrastructure already in place (that powers applications like secure online banking and secure online voting as well)

]]> By: Martin Paljak http://blog.ironkey.com/?p=119&cpage=1#comment-458 Martin Paljak Sat, 26 May 2007 20:44:15 +0000 http://blog.ironkey.com/?p=119#comment-458 To be precise: This is NOT a government activity. Watch my blog (http://martin.paljak.pri.ee) for different posts that shall be posted about this service now and in the future. To be precise: This is NOT a government activity. Watch my blog (http://martin.paljak.pri.ee) for different posts that shall be posted about this service now and in the future.

]]>