Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: alexmat on June 20, 2011, 03:26:54 PM



Title: To All Service Providers: Please Decentralize Security!
Post by: alexmat on June 20, 2011, 03:26:54 PM
This is how every Bitcoin service provider or exchange should work:

https://exchange.bitparking.com/U/signup/.2Fmain


Providers need to allow openid authentication. For the paranoid among us, we can run our own openid auth servers. For the lazy.. er practical, there is Google OpenID with 2 factor authentication which rivals anything most online banks provide: http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

I will give any company providing me the option to handle my own security through openid priority from now on, and I hope the community can see the wisdom in this and follows suit.


Title: Re: To All Service Providers: Please Decentralize Security!
Post by: garyrowe on June 20, 2011, 03:28:40 PM
My project is going down this route.


Title: Re: To All Service Providers: Please Decentralize Security!
Post by: alexmat on June 20, 2011, 03:29:51 PM
Great! Make sure you take a look at this: http://code.google.com/apis/accounts/docs/OpenID.html#settingup

And when you launch, I'll be the first in line to check it out.

Godspeed! :D


Title: Re: To All Service Providers: Please Decentralize Security!
Post by: LastReplaySC on June 20, 2011, 05:02:57 PM
My project is going down this route.

Give him some more SOMA!


Title: Re: To All Service Providers: Please Decentralize Security!
Post by: GeniuSxBoY on June 20, 2011, 05:19:11 PM
:facepalm:


Title: Re: To All Service Providers: Please Decentralize Security!
Post by: swinewine on June 20, 2011, 05:19:32 PM
This is how every Bitcoin service provider or exchange should work:

https://exchange.bitparking.com/U/signup/.2Fmain


Providers need to allow openid authentication. For the paranoid among us, we can run our own openid auth servers. For the lazy.. er practical, there is Google OpenID with 2 factor authentication which rivals anything most online banks provide: http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

I will give any company providing me the option to handle my own security through openid priority from now on, and I hope the community can see the wisdom in this and follows suit.

Check out http://www.Youtipit.org. I would like to hear what you think of our OpenId login system.


Title: Re: To All Service Providers: Please Decentralize Security!
Post by: garyrowe on June 20, 2011, 07:33:43 PM
I'm considering providing a fairly detailed description of the security arrangements for the backend of my project here on this forum. The reasons for doing this are:

1) it is a good way to get a lot of eyes onto the flaws in the system,
2) I don't believe in security by obscurity,
3) it will help others to create related services in a secure manner, thus contributing to the overall impression of Bitcoin as a trustworthy platform on which to do business.

However, I'm concerned about doing this because:

1) it is a good way to get a lot of black hats looking at the flaws in the system and keeping quiet about them until they can pounce,
2) sometimes keeping people in the dark can slow them down as they attempt to crack the system.

So... I need some reassurance from the experts here that I should do this. At least 5 positive responses should be enough to convince me.

BTW I have put considerable professional expertise into this design - it is not half-baked.