Bitcoin Forum
December 06, 2016, 02:20:13 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: To All Service Providers: Please Decentralize Security!  (Read 1092 times)
alexmat
Full Member
***
Offline Offline

Activity: 210



View Profile
June 20, 2011, 03:26:54 PM
 #1

This is how every Bitcoin service provider or exchange should work:

https://exchange.bitparking.com/U/signup/.2Fmain


Providers need to allow openid authentication. For the paranoid among us, we can run our own openid auth servers. For the lazy.. er practical, there is Google OpenID with 2 factor authentication which rivals anything most online banks provide: http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

I will give any company providing me the option to handle my own security through openid priority from now on, and I hope the community can see the wisdom in this and follows suit.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
garyrowe
Full Member
***
Offline Offline

Activity: 124



View Profile WWW
June 20, 2011, 03:28:40 PM
 #2

My project is going down this route.

Bitcoin enthusiast and Java programmer contributing to https://multibit.org and http://bitcoin.stackexchange.com
alexmat
Full Member
***
Offline Offline

Activity: 210



View Profile
June 20, 2011, 03:29:51 PM
 #3

Great! Make sure you take a look at this: http://code.google.com/apis/accounts/docs/OpenID.html#settingup

And when you launch, I'll be the first in line to check it out.

Godspeed! Cheesy

LastReplaySC
Newbie
*
Offline Offline

Activity: 8


keep off the gras!!! that green stuff under feet?


View Profile WWW
June 20, 2011, 05:02:57 PM
 #4

My project is going down this route.

Give him some more SOMA!

Balance: 0.00990648 BTC Via Website  BitCoinPlus  @ 0.0000553 every 2.03 hours (CPU)How?

Cyber or E-Begger Tipp Jar: 'Giz a BTC': 1JhJzDhfLmkpQ9PnsTywFViYMXDrbK4uaf
GeniuSxBoY
Hero Member
*****
Offline Offline

Activity: 546



View Profile
June 20, 2011, 05:19:11 PM
 #5

:facepalm:
swinewine
Jr. Member
*
Offline Offline

Activity: 47



View Profile WWW
June 20, 2011, 05:19:32 PM
 #6

This is how every Bitcoin service provider or exchange should work:

https://exchange.bitparking.com/U/signup/.2Fmain


Providers need to allow openid authentication. For the paranoid among us, we can run our own openid auth servers. For the lazy.. er practical, there is Google OpenID with 2 factor authentication which rivals anything most online banks provide: http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

I will give any company providing me the option to handle my own security through openid priority from now on, and I hope the community can see the wisdom in this and follows suit.

Check out http://www.Youtipit.org I would like to hear what you think of our OpenId login system.

Tip me at http://utip.it/t/J1834 youtipit.org
garyrowe
Full Member
***
Offline Offline

Activity: 124



View Profile WWW
June 20, 2011, 07:33:43 PM
 #7

I'm considering providing a fairly detailed description of the security arrangements for the backend of my project here on this forum. The reasons for doing this are

1) it is a good way to get a lot of eyes onto the flaws in the system,
2) I don't believe in security by obscurity,
3) it will help others to create related services in a secure manner thus contributing to the overall impression of Bitcoin as a trustworthy platform on which to do business

However, I'm concerned about doing this because

1) it is a good way to get a lot of black hats looking at the flaws in the system and keeping quiet about them until they can pounce,
2) sometimes keeping people in the dark can slow them down as they attempt to crack the system,

So... I need some reassurance from the experts here that I should do this. At least 5 positive responses should be enough to convince me.

BTW I have put considerable professional expertise into this design - it is not half-baked.

Bitcoin enthusiast and Java programmer contributing to https://multibit.org and http://bitcoin.stackexchange.com
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!