I’ll explain.

So I went out to the BibleApps site and clicked “Sign in”.

It presented me with signing in with Google/Yahoo/AIM/etc.

(Immediately, I think – oh no. This is going to open up a can of worms by unethical sites faking login pages.)

The reason being, for years – we have instructed people for security reason to NEVER give out their login information for site X when on site Y.

Now OpenID and Friend Connect changes all of that. Now, it’s “okay” to give out your Google/Yahoo login information when not on a Google/Yahoo site.

What concerns me is, how do we explain to people now that this is alright? And how do we prevent unethical people from capturing someones Google/Yahoo login information on a fake-login page and then pass that information onto Google/Yahoo?

Does that make sense?

I really like the functionality of Friend Connect and OpenID, and I’m sure it’s implemented in a secure way … what concerns me is that it now seems like it will be extremely easy for sites to “fake” a Google/Yahoo login page because we are now training people that it’s alright to give out your login credentials for a third party site (like BibleApps)