MyOpenID Security Features Released

Release Date: March 28, 2007

Teaser:
JanRain announces the release of several new security features to help protect the identities of MyOpenID users, including secure bookmarklets and frame busting code.

Things have been busy here at the JanRain World Headquarters but I’m excited to share some new features that we’ve recently launched.

Our latest release has reorganized some of the ways that dialogs are presented. Most notably, we’ve broken out the security features into their own pane to reduce confusion and make it easier to manage your MyOpenID account. We have two new features (and one update) to talk about:

  • Secure bookmarklet: Under the “Security” settings panel you’ll find a link labeled “special MyOpenID login”. It is a bookmarklet that you can drag (yes, in your browser) to your bookmark toolbar. Once there, you can use that link (especially in conjunction with the Safe SignIn feature) to quickly navigate to the correct login screen, where you can safely enter your credentials.
  • Frame busting code: I was at Yahoo! a couple of weeks ago giving a TechTalk (note: this isn’t an endorsement by Yahoo! of OpenID, they have people come in and talk about all kinds of technologies that they may/may not ever deploy) and Rasmus asked “do you have frame busting code on MyOpenID?” The answer then was ‘no’, today it is ‘yes’. There is an attack that will allow sites to capture your keystrokes (say from your password entry) in a hidden IFRAME. We now have the code in place to prevent this attack. Thanks Rasmus.
  • Safe SignIn updated: We also updated the Safe SignIn feature to allow you to continue the specific action you’re working on. With Safe SignIn enabled, you’re asked to manually navigate to MyOpenID to log in with your username and password when you are redirected from an OpenID-enabled site. With the secure bookmarklet from above you can open a new tab, click that bookmark, enter your credentials and then return to the previous tab to continue the login action you’re working on. The goal is to help make sure that you’re not entering your password into a site that might be trying to phish your credentials.
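
To make the frame busting idea above concrete, here is an added example (not MyOpenID's actual code) of a fail-closed frame buster for a login page. The function names `isFramed` and `protectLoginPage` are hypothetical, and the sketch assumes the page's stylesheet ships with `html { visibility: hidden }` so the password form is never drawn before the check runs.

```javascript
// Added example: defensive frame busting for a login page (not MyOpenID's code).

// Returns true when `win` is not the top-level browsing context.
function isFramed(win) {
  try {
    return win.top !== win.self;
  } catch (e) {
    // Assumption: any error while reading win.top is treated as "framed" (fail closed).
    return true;
  }
}

// Reveals the page only when it is the top-level document.
// When framed, keeps it hidden and tries to replace the framing page with this page.
// Returns "shown", "busted" or "blocked" so callers and tests can see what happened.
function protectLoginPage(win) {
  const root = win.document.documentElement;
  if (!isFramed(win)) {
    // Pairs with the assumed stylesheet rule: html { visibility: hidden }
    root.style.visibility = "visible";
    return "shown";
  }
  // Never render the password form inside someone else's frame.
  root.style.visibility = "hidden";
  try {
    win.top.location = win.self.location.href; // break out of the frame
    return "busted";
  } catch (e) {
    // The framing page prevented navigation: stay hidden rather than show the form.
    return "blocked";
  }
}

// Run automatically in a browser; skipped when loaded outside one (e.g. under Node).
if (typeof window !== "undefined") {
  protectLoginPage(window);
}
```

Hiding the document by default matters because a framing page can sometimes stop the navigation; in that case the form stays invisible instead of being shown inside the frame.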

We were also notified of a security vulnerability that affected users of the Safari web browser, which was brought to our attention by Gareth Heyes. This was patched last week. Thanks for the heads-up, Gareth!

The biggest concern we have with OpenID today is that of phishing. We’ll be releasing some new functionality in the coming weeks that should hopefully address that problem once and for all. Keep an eye out here for more information! In the meantime, thanks for helping make MyOpenID the premier OpenID provider.

About Janrain

The Janrain Customer Identity and Access Management platform helps brands build a unified view of their customers across all devices by collecting accurate customer profile data to power personalized marketing. The proprietary platform encompasses social login, registration, customer profile data storage, customer segments, customer insights, single sign-on, and engagement. Janrain powers customer identity management for brands like Pfizer, Samsung, Whole Foods, Fox News, Philips, Marvel, and Dr Pepper. Founded in 2002, Janrain is based in Portland, Oregon, with offices in London, Paris, and the Silicon Valley in California. For more information, please visit www.janrain.com and follow @janrain.

~Scott Kveton
