Itqualityassurance
- What are the possible drawbacks of the OpenID system?
- What is a risk of using OpenID Connect?
- Should I use OAuth or OpenID Connect?
- Which of the following is are the benefit's of using OpenID support to login into multiple websites with single account?
What are the possible drawbacks of the OpenID system?
Cons of OpenID
OpenID provides users with authentication. There is no system for giving the authorization. That means the users only request that the provider sign in or set and delete the account. There is no authorization as there was in the OAuth.
What is a risk of using OpenID Connect?
Phishing. There are two common phishing attacks in the OpenID Ecosystem. Phished OP Page - A rogue RP can redirect the user to a phished OP page where the user will be tricked into entering their OP credentials. Realm Spoofing - A malicious RP can craft an authentication Request with an openid.
Should I use OAuth or OpenID Connect?
OpenID is used for authentication while OAuth is used for authorization. If authentication is the main goal, there is no better method than X. 509 digital certificates.
Which of the following is are the benefit's of using OpenID support to login into multiple websites with single account?
Minimize Password Security Risks
With OpenID, passwords are never shared with any websites, and if a compromise does occur, you can simply change the password for your OpenID, thus immediately preventing a hacker from gaining access to your accounts at any websites you visit.
