Password-less login support with myOpenID

This is another outcome of the OpenID CardSpace integration for the OpenID community.

With the aid of Personal Information cards, it's possible to implement password-less login.

With this approach, in most cases you will sign up with a Personal Information card. The beauty of Personal cards is that CardSpace creates a unique id [ppid] for each combination of information card and relying party. See the screen-shot below. I am using the same Personal Information card to sign in to many relying parties.

Okay - what happens if we lose the Infocard - say we clear the CardSpace? Can we use another personal card with the same set of claims to log in to my RP? No, you can't - remember I said the ppid is a combination of Infocard + RP, so once you have lost your Infocard you can do nothing to log in to the same RP with the same profile. But RPs may have different ways to recover your account/profile - remember the 'secret question' in a normal username/password case.

There are two patterns, adopted by many sites, to implement passwordless login.

1. Sign up directly with your Personal Information card.

2. Sign up with a username/password based account and associate any number of Personal Infocards with it. Later you can have passwordless login with any of the associated Infocards. Also, with this approach, if you lose your Infocard you need not worry too much: you have the other option, username/password login.

The above two are the most common ones. In addition to those, myOpenID also supports removing the password from your account [deviates slightly from 2] - once you have linked your account with a Personal Infocard.
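The two patterns and the myOpenID variant above, sketched from the relying party's side as an added example (not code from myOpenID or CardSpace). The `ppid` function is a constructed stand-in for the per-card, per-RP identifier, not CardSpace's actual derivation, and `RelyingParty` and its method names are hypothetical.

```python
import hashlib, hmac, os

def ppid(card_key: bytes, rp_id: str) -> str:
    # Constructed stand-in: one id per (card, relying party) pair.
    return hmac.new(card_key, rp_id.encode(), hashlib.sha256).hexdigest()

def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class RelyingParty:
    def __init__(self, rp_id):
        self.rp_id = rp_id
        self.accounts = {}  # user -> {"pw": (salt, hash) | None, "ppids": set}

    def signup_with_card(self, user, card_ppid):        # pattern 1
        self.accounts[user] = {"pw": None, "ppids": {card_ppid}}

    def signup_with_password(self, user, password):     # pattern 2
        salt = os.urandom(16)
        self.accounts[user] = {"pw": (salt, _hash_pw(password, salt)), "ppids": set()}

    def link_card(self, user, card_ppid):
        self.accounts[user]["ppids"].add(card_ppid)

    def login_with_card(self, card_ppid):
        # a new card with identical claims yields a different ppid: no match
        for user, acct in self.accounts.items():
            if card_ppid in acct["ppids"]:
                return user
        return None

    def login_with_password(self, user, password):
        acct = self.accounts.get(user)
        if acct is None or acct["pw"] is None:
            return False
        salt, stored = acct["pw"]
        return hmac.compare_digest(stored, _hash_pw(password, salt))

    def remove_password(self, user):
        # variant of pattern 2: refuse unless a card is linked
        if not self.accounts[user]["ppids"]:
            raise ValueError("link an Infocard before removing the password")
        self.accounts[user]["pw"] = None

if __name__ == "__main__":
    rp, card = RelyingParty("rp-a.example"), os.urandom(32)
    rp.signup_with_card("alice", ppid(card, rp.rp_id))
    print(rp.login_with_card(ppid(card, rp.rp_id)))           # same card
    print(rp.login_with_card(ppid(os.urandom(32), rp.rp_id)))  # replacement card
```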

Also, it's good practice to back up your Infocards. Windows CardSpace lets you have encrypted backups.