As Devon Young and Berry point out, myOpenID does provide a range of security features including InfoCard and SSL certificate authentication, CallVerifID 2-factor phone-based authentication, and anti-phishing site verification images. Hopefully, over time, HealthVault will begin to accept more OpenID providers that meet their security requirements.

As Microsoft and others continue rolling out more OpenID-enabled services, and as OpenID providers expand their capabilities, the ecosystem will grow and evolve in ways that benefit all the stakeholders.

I work for Vidoop and we run a OpenID provider http://myVidoop.com which is resistant to all the forms of hacking that @Morgan and others mention. An OpenID account with a provider that has a two factor authentication system like Vidoop, Verisign, etc. is far more secure than a plain username/password.

@Eric Nelson +1

@Pandrogas We completely agree, where there is a will there is usually a way. We believe that the ImageShield which powers myVidoop is a good compromise. It gives you easy to use, solid, and reliable two factor authentication, without the need for any extra software or hardware to install.

The idea is really simple, provide a simple, but effective authentication point for users to use a multitude of services. I’m not going to purchase $40 flash drive to do that. There has to be a btter way, though I imagine that better way will also have to be able to track users through a system. Security becomes a major concern, but no matter how much security we have, someone can always break it. there needs to be a balance between ease of use and security and there will still be a human factor involved to help track down thieves.

Maybe this is why logins on larger sites like Google, Yahoo, and MSN are great for network wide logins, but getting them to play nice with each other is just going to be a pain in the but. Fragmenting the data makes it harder to track.

Security is always important. Sure, health data is more important than your social network. But security is a major issue for any application storing user data. If you can’t see the importance in that, maybe you shouldn’t be writing articles on web technology. (see what i did there?)

I’ll tell you what good it is. For every social network, blog, news service, or any other service where security isn’t a major issue, OpenID provides you with one login and one password. If you can’t see the value in that, maybe you shouldn’t be writing articles on web technology.

Yes there are possible security concerns, but as Simon said one of the beauties of the Platform is that you are able to choose your own security level and features from the provider. Using the Vidoop system, for example, requires a combination of browser verification, text/call ahead, and varying images to complete prevent any security concerns that may arise.

The problems that OpenID face aren’t security concerns, this is just an example of Microsoft being Microsoft, and doing anything but being open. Rather the issue is still with usability on the end user perspective.

The only hope is to do two factor authentication when a person is away from their home or office computer, and do it in a way that is easy (ie: one time code via telephone). There are a number of providers doing this, one of popular ones being TeleSign