Skip to main content

Some snippets about Verisign's Personal Identity Portal

Recently I stumbled upon Verisign's Personal Identity Portal - pip.verisignlabs.com. Though still in Beta, I found it immensely impressive as an all-in-one Personal Identity Management Service.
It has a cool feature named One-Click Sign In, which allows signing in to a host of websites including Google, Yahoo, Flickr, Youtube among many others. The login credentials for the respective sites are required to be submitted. These will be encrypted using the users passkey. The only caveat for this excellent service is that one has to take Verisign's word for it, when it comes to security and privacy of the login credentials. Having trusted Verisign fully with one's secrets, all that is required is Bookmarking the One-Click sign-in link provided after submission of the credentials. Clicking on the bookmark leads to a list of the added sites, clicking on any of the sites directly signs the user in, ofcourse one has to be signed in to pip.verisignlabs.com prior to that.
Another feature is the ability to create a Personal Identity Page with a unique pip url, where one can publish personal details like name, address, email, date of birth etc. that one wants to share publicly.
The pip url also acts as an OpenID for quick sign in to any website supporting openid.
Since pip.verisignlabs.com starts acting as a one stop shop for personal identity, it becomes important to protect the PIP account, as any compromise of the PIP account leads to compromise of all the accounts listed under One-Click sign-in, as well as compromise of the OpenID. As an extra security measure, Verisign provides an optional browser authentication certificate. Even if the username and password are compromised, unless the illegitimate user has the browser authentication certificate, it is impossible to gain access to the account.
If this is still not enough for some paranoids, then Verisign provides an added layer of security by providing an optional hardware security token for a nominal fee. It generates a secret key every 30sec which is required during every login. This should be more than enough to provide considerable peace of mind to the most paranoid person on this planet.

Comments

Popular posts from this blog

Force an application to use VPN, using iptables in Linux

Enforcing an application, for example a torrent client like Transmission, to always use the VPN interface or any particular network interface for that matter, is trivially simple using iptables on Debian, Ubuntu or any other GNU/Linux distro.
Personally, I am running Debian Sid on the Raspberry Pi. Occasionally I use it for downloading files ( legal stuff, seriously, believe me :D  ) using Transmission Bittorrent client over a VPN connection. Sometimes it happens that the VPN connection fails and doesn't reconnect for whatever reason and Transmission continues pulling stuff directly over my internet connection, which I would like to avoid. Fortunately it is very straightforward to enforce rules based on application owner UID. Transmission runs under the owner debian-transmission in Debian (use htop to check this) and the following two lines of iptables ensures that any process with owner having UID, debian-transmission, will not use any other network interface apart from the Open…

Some more fun with SSH port forwarding and socks proxy

Few days ago I made the following post:

Prologue: Our Institute has several nice Dual Core Machines deployed for the students. Unfortunately the machines are behind a NAT with no port forwarded for external SSH access. Student's hostel is a bit far off from the computational centre. As such if someone felt the need of accessing the machines during non-office hours, it was a wee bit difficult. The sysadmin would not have agreed to forward any ports. Something had to be done....

SSH has a very useful feature - Remote and Local Port Forwarding. We have an old rickety PIII running Ubuntu 8.04.1 in the Hostel, it is connected to the net and is accessible via SSH from the internet. Using a tiny little shell script running on one of the machines in the Institute, I managed to make the old PIII an intermediate gateway for gaining SSH access to the Institute's machines from anywhere in the internet. The script is of few lines, but nevertheless powerful enough to serve our purpose.

#!/bin/…

Raspberry Pi -- Installing Samba (Windows Share) File server

Having successfully run Debian Wheezy on my Raspberry Pi, I went forward with my initial idea of setting up a low cost power efficient file server for accessing my external hard disks from my Windows7 desktop, HP-Mini running Ubuntu and Mac Mini running OS X Lion (yeah I do like bragging about my machines :D ).

This turned out to be pretty straight forward.

As expected, the external Seagate USB disk immediately got recognized and appeared as /dev/sda
[ 579.948350] usb 1-1.2: New USB device found, idVendor=0bc2, idProduct=3001 [ 579.948384] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.948405] usb 1-1.2: Product: FreeAgent [ 579.948421] usb 1-1.2: Manufacturer: Seagate [ 579.948447] usb 1-1.2: SerialNumber: 2GEX323R [ 579.967638] scsi0 : usb-storage 1-1.2:1.0 [ 580.970520] scsi 0:0:0:0: Direct-Access Seagate FreeAgent 102D PQ: 0 ANSI: 4 [ 589.142942] sd 0:0:0:0: [sda] 1953525168 512-byte logical blocks: (1.00 TB/931 GiB) [ 589.144669] sd…