WebProNews

OpenID should start gaining critical mass with the Internet-using public, now that several major Internet and tech players have latched on to the project. Google, IBM, Microsoft, Verisign, and Yahoo all joined the OpenID board as its first directors, the project disclosed today.

"The community has expanded quickly since the inception of the foundation, and these companies will help bring OpenID into the mainstream markets," Bill Washburn, executive director for the OpenID Foundation, said in today's announcement.

Through the use of OpenID as a single sign-on method, people don't need to use multiple logins at the various websites they visit. One OpenID login gets them in the virtual front door, wherever it is supported online.

OpenID is a free, open source technology. Any site that wishes to implement it may do so; today's announcement said over 10,000 sites and about 350 million OpenID-enabled URLs exist online.

Security pros find the challenge in security a balancing act between safety and convenience. We like the philosophy of OpenID, but we see some issues with it. For one, OpenID will be as secure for someone as they keep their login.

If it's placed on a sticky note and stuck on a monitor, one malicious person seeing it compromises the whole security model. When someone adds a second factor to OpenID, like a separate authentication token to generate a one-time code, we will be a lot more approving of OpenID.

Analysts at TBR raised security concerns as well. A single fake OpenID provider site could phish credentials from multiple sites using it to authenticate the sign-on. This possibility places the burden of verifying providers on the end-user.

The combined capabilities of OpenID's new board should be able to help address that and other potential problems with the system. You can bet the bad guys out there will provide plenty of challenges along the way.