myOpenID Security Features

myOpenID, one of the most well known OpenID providers, has been redesigned in fancy green and blue colours but it has also added some great security features to the service recently. myOpenID is run by JanRain, a company being a crucial part of the OpenID community.

Today myOpenID has announced the support of browser based certificates to prevent phishing attacks. Certificates are used by OpenID providers like Certifi.ca already, and it is a tried and tested way to prevent phishing. Unlike Certifi.ca (see review here) myOpenID is creating its own certificates. Just sign in to myOpenID with your username and password, enter a label for the certificate, click a button to create it, and you’re done. There will be a new certificate issued by JanRain in your browser. Authentication is working without a password now. Very convenient, very secure.

Other security measures of myOpenID include:

• Safe Sign-in and secure bookmarklet:

  With Safe SignIn enabled you’re asked to manually navigate to MyOpenID to login with your username and password if being redirected from an OpenID enabled site. With the secure bookmarklet from above you can open a new tab, click that bookmark, enter your credentials and then return to the previous tab to continue the login action you’re working on.

• Personal icon: Just add a personal icon to your profile site. If you don’t see it you are not on myOpenID. Quite simple. Just works with the browser you used for uploading the image, though.

Also personas have been added at some point. Or I have completely missed them when I first signed up to myOpenID. Anyway, personas are a great way to decide which information about yourself is provided to relying parties. For more information about personas see the blog post about German provider Xlogon.

Security is taken seriously by myOpenID and hopefully it is encouraging other OpenID providers to provide similar features or even come up with even more secure and innovative ones. I am looking forward to it.