NYT Password Security Discussion Overlooks Universal Logins

A recent NYT piece explores the never-ending quest for password-based security, to which reader climenole responds with a snippet from ReadWriteWeb that argues it's time to think more seriously about life beyond passwords, at least beyond keeping a long list of individual login/password pairs: "These protective measures don't go very far, according to the New York Times, because hackers can get ahold of passwords with software that remotely tracks keystrokes, or by tricking users into typing them in. The story touches on a range of issues around the problem, but neglects to mention the obvious: the march toward a centralized login for multiple sites."

OpenID isn't the solution

[yourcelf]

The trouble with OpenID is it's still one identity that you're carting around, allowing yourself to be tracked across multiple sites.

A better solution is just to use a password manager (KeepassX, Last Pass, etc.) which lets you manage your own multiple identities in a secure way. This gives you the convenience of a single sign-on with the security of a distinct identity for every site where you want it.

Re:Torn

[houghi]

There used to be a time that you could easily host your own OpenID with e.g. http://siege.org/phpmyid.php
You point to http://yoursite.example.com/ instead of the one from Google or any other OID provider.
That way you limit the chance of giving somebody else access as you manage your own login and password.

Some others might be found here : http://openid.net/developers/libraries