Bulletproof Website Logins With Verisign PIP

The Safer, Faster Surfing With OpenDNS post sparked discussion about phishing as well as other techniques utilized for the purposes of identity theft. Therefore, I thought I might post about a new, free OpenID service offered by VeriSign Labs that can be combined with a special Identity Protection Keychain Token or SanDisk Cruzer U3 flash drive in order to achieve two-factor authentication when logging into OpenID-enabled websites.

What is PIP?

Personal Identity Provider allows you to manage your personal information online by providing a single sign on to multiple websites. PIP also provides the flexibility to share only the information you choose with each website. When you create a PIP account, you will receive a personal identifier in the form of a URL that you can use to sign in or register at any site that supports OpenID.

Manage your online identities with PIP

Use PIP to protect your information and share it with sites you trust. You can set PIP to track what sites you have shared your information with and for how long. You can choose to stop sharing information with a site you no longer trust. I use my VeriSign PIP identity with Plaxo to maintain continuous contacts and calendar synchronization across my personal Google Gmail, Yahoo! and Windows LiveMail accounts.

How to use PIP

Click the OpenID button to the right to sign up for and create a PIP Account. You will receive a personal URL that you can use on sites that show the OpenID logo. From the same browser you used to sign into PIP, visit one of the many sites that support OpenID and type or paste your URL into the Sign in area. Using your PIP URL makes it easy to register for a new account, or sign in to your existing accounts. If the site you are registering for requests information, you can choose which information you would like to share or keep private.


Integrate VeriSign’s PIP into Firefox with The SeatBelt Extension

SeatBelt is a Firefox plug-in that assists you when signing in to OpenID sites with your PIP URL. Typically, if you are not signed into your PIP account when you access a sign in page using OpenID, you need to access your PIP account and sign in. Since you must do this within the same browser window, you have to navigate away from the page you wish to sign in to. SeatBelt detects that you have clicked on an OpenID sign in field while not signed into your PIP account and prompts you to sign in. Once you have signed in, SeatBelt automatically returns you to the OpenID sign in page with your PIP URL filled in. The sign in session continues as normal.
NOTE: I have discovered issues between the Seatbelt Extension and scripts on certain websites, this WordPress blog being a prime example. I have reported the issue to VeriSign and recommend waiting on installing this extension until it is out of beta.

Adding two-factor authentication to OpenID

A VIP keychain token is an online security credential that you can use to identify yourself securely to participating online banks and merchant sites. A VIP credential protects your accounts and your identity by requiring a higher level of security when you conduct transactions online. To use a VIP credential, press the button on the keychain token to generate a security code that is unique to your credential. Then, sign in to participating online bank and merchant sites with your username, password, and the unique security code.

To obtain a VeriSign Identity Protection Keychain Token after obtaining your PIP credentials, click HERE. The token is currently $30 US plus a $6 S&H fee.

An alternative to the $36 VeriSign token is the $5 PayPal Security Key. This key can function with both your PayPal and eBay accounts as well as your VeriSign Personal Identity Provider ID. This is the device I use and recommend for anyone interested in adding two-factor authentication to their security practices.

A third option is to use a U3 flash drive. VeriSign has teamed up with SanDisk to enable your SanDisk U3 smart drive to work as an online security credential. You can use the VIP credential embedded on your SanDisk U3 smart drive to identify yourself securely to participating online bank and merchant sites. See the VeriSign Identity Protection for SanDisk U3 Smart Drives page for complete information and usage instructions.

UPDATE: I have been playing catch-up with my podcast listening of late due to a more hectic than normal schedule. I just finished listening to Steve Gibson’s Security Now Podcast #107 where he reviews Verisign Labs’ Personal Identity Provider in detail. Please download and listen to his podcast as a supplement to this post. Also, the Solo Technology blog posted two articles relating their personal experiences with both OpenID and the security tokens. These articles are HERE and HERE.

Safer, Faster Surfing With OpenDNS

Question: I have noticed that load times when viewing a web site at work are much faster than what I experience on my home broadband connection. How can I improve the performance of my personal connection to more closely match what I get at my office?

Answer: At IOStream, we deploy our own DNS and WINS caching servers for all clients on the network, thus speeding access to computers, peripherals, or resources located on the Internet as well as the LAN. Furthermore, we utilize Microsoft’s Internet Security and Acceleration Server to filter and secure our network environment from internally- and externally-originating Internet-based threats. Obviously, this configuration is overkill for the typical home or SOHO (Small Office/Home Office) setup. So what is the answer for the target audience of this blog post? OpenDNS. To quote:

OpenDNS is a safer, faster, smarter and more reliable way to navigate the Internet. Our service is free and requires nothing to download.

OpenDNS is safer

OpenDNS protects you from phishing – bad websites trying to steal your personal information. When you try to go to a phishing site, we let you know. We also let you optionally block adult sites as a category, or individual websites of any type. These services help you better protect those on your network from websites they shouldn’t be visiting.

OpenDNS is faster

You use DNS every time you use the Internet. The speed of your DNS service determines how quickly websites load for you. That’s why you want your DNS service to be blazing. OpenDNS is so fast because we run some of the largest DNS caches around and do it on our own high-performance network.

OpenDNS is smarter

The address bar is how you navigate the Internet. We make your address bar more intelligent. With OpenDNS, you can create shortcuts that let you type something easy-to-remember into your address bar and leap straight where you want to go. And we’ll correct your common spelling mistakes, on the fly. That means when you are typing fast and type yahoo.cmo instead of yahoo.com, you still get there.

OpenDNS is more reliable

Little is more frustrating than intermittent Internet outages. When your DNS service isn’t working, you can’t access the Internet. When you start using OpenDNS, your days of dealing with DNS-related downtime will be over. We know reliability is important, and we stand behind ours.

The OpenDNS site maintains this page with links to configuration instructions for all devices and operating systems. Also, this PC Magazine review of the OpenDNS service provides even more in-depth information regarding this service.