Coming Soon
This service is currently under private alpha testing. For more information please contact team@pgpopenid.com
What is wrong with current username/password authentication?
- Someone sniffs your password over an unencrypted LAN or Wireless connection. You lose.
- Someone breaks into a site you use and obtains your password. You lose.
- Someone uses your password or variations of your password to log into other sites you visit. You lose.
- Someone brute forces your password. You lose.
- Someone knows you well enough to simply guess your password. You lose.
- Someone steals your computer or laptop, and cracks your saved passwords file in your browser. You lose.
How is a PGP/OpenID Strategy any better?
This might sound crazy, but we intend to actually overcome most of the serious flaws in modern web-authentication schemes by utilizing a mash-up of PGP and OpenID technologies.
Here is how:
- Password sniffing?
  - The way PGP works, your password never goes onto the network. You verify yourself with your own private key on your own system. You win.
- Someone breaks into a site you use?
  - Thanks to OpenID, your credentials are never stored anywhere but your own web browser, and they only exist until the next time you close your browser or until a specified time limit expires. The breach is limited to only that one site. You win.
- Someone somehow obtains your password?
  - Useless unless they have also stolen your private key from your computer or jump drive. You can also change this password at any time and regain control, or revoke the key altogether. You win.
- Someone takes us over?
  - Big deal. You or someone else can take the source code (that we will be releasing free) to set up another PGP/OpenID service for you to migrate to overnight. Regardless, no one has your authentication credentials as a result of our hypothetical take-down. You still have your private key untouched on your computer and we never even saw it. You are not compromised. You win.
The only hypothetical way we can see for someone to beat this is to steal your private key off your computer and somehow obtain the private password that _should_ only exist in your head. Unless you willingly give up your private key password to someone AND that someone has obtained your off-line private key file, you should never be compromised. You win.
Where can I learn more about OpenID and PGP technologies?
For more information on PGP and how it works check out: PGP On Wikipedia
For more information on OpenID and how it works check out: OpenID On Wikipedia
For a list of some of the estimated 27,000+ sites that support OpenID (and that will by extension support our service) check out: The OpenID Directory and myOpenID's Site Directory
When can we use PGP/OpenID?
When our team decides it is safe enough for public testing.
Stay tuned for public testing opportunities.
If you are a developer interested in hearing more about or perhaps helping with our strategy please contact us at: team@pgpopenid.com