Linked by Eugenia Loli on Fri 17th Aug 2007 02:22 UTC, submitted by randommsdev
Privacy, Security, Encryption Microsoft has announced the release of Windows Live ID Web Authentication. This means that WLID (formerly known as Passport) is now opened to third party websites to use as their authentication system. Any Windows Live user can potentially log in to a website that implements Web Authentication. Interestingly sample implementations are available in the Ruby, Python, Perl, and PHP open source languages amongst others -- tested on openSUSE 10.2 but expected to work on any platform that supports these languages. More details are available in the SDK documentation.
Permalink for comment 264153
To read all comments associated with this story, please click here.
RE[2]: And?
by steogede2 on Fri 17th Aug 2007 14:24 UTC in reply to "RE: And?"
steogede2
Member since:
2007-08-17

>> As far as I know, the sites that implement it never get your password. Microsoft simply tells the site that you are a valid live user.

What about Phishing? The website may say the password is going straight to Microsoft but how difficult is it for someone to setup a spoof site which accepts your username and password and then logs you in?

I am sure it is possible to over come most of the risk, however how do you train the users to spot phishing attempts?

Reply Parent Score: 1