
posted by janrinok on Wednesday March 05 2014, @02:05PM
from the too-little-too-late? dept.

gishzida writes:

"A Reuters release notes that Yahoo Inc will stop letting consumers access its various online services, including Fantasy Sports and photo-sharing site Flickr, by signing in with their Facebook Inc or Google Inc credentials. The move marks the latest change to Yahoo by Chief Executive Marissa Mayer, who is striving to spark fresh interest in the company's Web products and to revive its stagnant revenue.

The change, which will be rolled out gradually according to a Yahoo spokeswoman, will require users to register for a Yahoo ID in order to use any of the Internet portal's services."

 
  • (Score: 4, Interesting) by edIII on Wednesday March 05 2014, @04:18PM

    by edIII (791) on Wednesday March 05 2014, @04:18PM (#11498)
    The very concept of OpenID is flawed and deeply deeply deeply stupid.

    If I was running a ton of infrastructure and services, why would I ever let another company authenticate their users with my data? Sure, it seems like a value added service to the user as they only have to remember a single password for everything, and every time they log in I gain brand awareness.

    However, now you have a nice tidy little attack surface. Good for the small startup that no longer has to be responsible for their own security in its entirety, but bad for the user. Flawed implementations in those other sites may reveal information to give an attacker an advantage.

    There is a reason why banks would never consider such a methodology viable.

    OpenID has always been bad for the user (they probably don't know that), and allowing smaller companies to not pull their own weight WRT security is a self-fulfilling prophecy whereby a data-breach can be inevitable due to incompetence or negligence.

    It only works as long as corporations are willing to cooperate anyways.... which means it's just as stupid as websites linking to other websites to download javascript. Facebook may be more reliable than that small software developer who put up his jQuery module for people to use, but that still doesn't mean it's in either the corporation's or the users' best interest, does it?

    OpenID is just being lazy, and laziness gets you killed on the Internet.

  • (Score: 1, Interesting) by Anonymous Coward on Wednesday March 05 2014, @06:55PM

    by Anonymous Coward on Wednesday March 05 2014, @06:55PM (#11568)

    "allowing smaller companies to not pull their own weight WRT security is a self-fulfilling prophecy whereby a data-breach can be inevitable due to incompetence or negligence."

    Face it, companies both large and small don't pull their own weight WRT security when the ball is entirely in their court, either. Many BANKS can't do internet security properly, even today. Increased responsibility doesn't reduce incompetence and negligence, it just raises the stakes when that incompetence and negligence is exploited.

    The point of OpenID is to put your authentication security in the hands of companies which take authentication security seriously, rather than gambling your ID with every new service you sign up to.

    • (Score: 2) by edIII on Wednesday March 05 2014, @10:32PM

      by edIII (791) on Wednesday March 05 2014, @10:32PM (#11664)

      You are still far better off having faked information and separate passwords for every single site that you visit.

      For the sites that have information that's real, you progressively create more complicated passwords (proportional to the info you gave them) and demand higher levels of security from them in the form of two-factor authentication and the like.

      If somebody cracked my password here they would find no identifiable information on me, certainly not any kind of sensitive information, and a password that can only be used with SoylentNews.

      If you cracked my account with PizzaHut you could order pizzas and have them sent to my address, but you would be paying for them. I keep waiting for that to happen, but it never does. Lazy hackers.

  • (Score: 0) by Anonymous Coward on Thursday March 06 2014, @07:58AM

    by Anonymous Coward on Thursday March 06 2014, @07:58AM (#11875)

    Because, if you have the option to log in with OpenID, a user is likely to log in if he sees one thing that catches his interest. Then, once he is logged in, he will see your other services, possibly deciding that he is interested in those.

    If, on the other hand, one needs to create an account to log in, the barrier is larger, and a user who sees one thing that catches his interest is more likely to not bother. To attract new users with this model, you need to build your image beforehand.