Love OpenID, Hate Password? Get Your Password-less SSL Certificated OpenID From Certifi.ca

Submitted by kai on Tue, 2007-12-25 18:21.

Slowly, more and more sites are supporting login using OpenID.

The selling point of OpenID is that you can use one login to access various sites. This is very convenient. But I am worried about losing the same password for all the OpenID-supported sites I access. There are so many phishing activities going on to steal passwords. I need something that's not password-based.

I came across Certifi.ca, which is a password-less OpenID provider that uses an SSL certificate for public key-based authentication. The basic idea is that you store your public SSL certificate (public key) and the private key in your browser. Certifi.ca identifies you by your public key, and uses your public key to encrypt communication between your browser and itself. Your browser with the private key is the only one that can decrypt the communication. There's no password needed!

So far so good? Ready to try it?

Certifi.ca doesn't provide clear instructions on using its service.

Here's my step-by-step guide:

  1. Get an SSL certificate from one of the supported certificate authorities and install it in your browser.
  2. Go back to https://certifi.ca. It should recognize that your browser has a valid SSL certificate. Then you can go ahead and register with certifi.ca. You'd be given your OpenID (something like http://certifi.ca/yourid).
  3. To test: go to an OpenID-enabled site like ma.gnolia and sign in using your OpenID.

Tips:

  • Make sure that you have successfully installed an SSL certificate. In Firefox, go to tools => options => advanced => Encryption => View Certificate. You should see the certificate from whatever SSL certificate authority you pick. In my case, it's called "CAcert Wot User".
  • You should also back up your SSL certificate (in Firefox, go to tools => options => advanced => Encryption => View Certificate => back up). You may want to import and use it with different browsers.
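
The provider's side of such a login, as an added example (not Certifi.ca's code): the server requires a client certificate in the TLS handshake, during which the client proves it holds the matching private key, and then maps the certificate's fingerprint to an OpenID. Assumptions: the `openssl` CLI is on PATH, constructed self-signed certificates stand in for CA-issued ones, and `provider.example` and the fingerprint registry are hypothetical.

```python
import hashlib, pathlib, ssl, subprocess, tempfile

def make_cert(directory, name):
    """Create a constructed self-signed certificate and key with the openssl CLI."""
    key, crt = (str(pathlib.Path(directory, name + ext)) for ext in (".key", ".crt"))
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-keyout", key, "-out", crt, "-subj", "/CN=" + name,
                    "-addext", "subjectAltName=DNS:" + name], check=True, capture_output=True)
    return crt, key

def handshake(server_ctx, client_ctx, hostname):
    """Run a TLS handshake entirely in memory; return the server-side SSLObject."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=hostname)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    pending = [(client, c_out, s_in), (server, s_out, c_in)]
    while pending:
        for tls, out, peer_in in list(pending):
            try:
                tls.do_handshake()
                pending.remove((tls, out, peer_in))
            except ssl.SSLWantReadError:
                pass                      # waiting for the peer's next flight
            peer_in.write(out.read())     # deliver whatever this side produced
    return server

def demo():
    """Return the OpenID resolved with, and then without, a client certificate."""
    with tempfile.TemporaryDirectory() as d:
        host = "provider.example"                      # hypothetical provider name
        srv_crt, srv_key = make_cert(d, host)
        usr_crt, usr_key = make_cert(d, "user")
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(srv_crt, srv_key)
        server_ctx.verify_mode = ssl.CERT_REQUIRED     # handshake fails without a client cert
        server_ctx.load_verify_locations(usr_crt)      # stands in for the supported CAs
        der = ssl.PEM_cert_to_DER_cert(pathlib.Path(usr_crt).read_text())
        registry = {hashlib.sha256(der).hexdigest(): "http://certifi.ca/yourid"}  # registration
        def login(with_cert):
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.load_verify_locations(srv_crt)
            if with_cert:
                ctx.load_cert_chain(usr_crt, usr_key)
            try:
                peer = handshake(server_ctx, ctx, host).getpeercert(binary_form=True)
            except ssl.SSLError:
                return None                            # server refused the handshake
            return registry.get(hashlib.sha256(peer).hexdigest())
        return login(True), login(False)
```

Calling `demo()` returns the registered OpenID for the certificate holder and `None` for a client that presents no certificate.
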
Sam Alexander
Submitted by Sam Alexander (not verified) on Thu, 2007-12-27 17:11.

Hi, my name is Sam Alexander and I'm a developer working on another password-free authentication solution. Just thought I'd chime in that we agree that passwords are the weakest link in getting to "single-signon" paradise.

We dreamt up a multi-factor, password-free login system that works for OpenID and for Web 1.0 sites (with traditional usernames and passwords) using a small footprint browser plugin.

You can check it out at myvidooop.com
