So I keep hearing about OpenID. Every couple weeks there’s another blog post about it and I learn something more. I just watched a video and now I’m ready to evangelize. OpenID is complicated, but if you can survive the initial complexity there’s something really cool happening here. Watch and learn, if you don’t have half and hour make it! This is the future of login:

This morning I had the pleasure of waking up with a phone call from my SSL provider trying to upsell me on EV certificates. You know someone is trying too hard when you can barely squeeze in short affirmations while they go on and on about how great their product is and how much money they’re going to save you.

The pitch began by rebuking me for not having put their security badge on the EV Certs (Extended Validation) are.

I have a technical background, and I know that once data is encrypted that creates a barrier against attackers. Once the encryption is in place the biggest whole in the system is human, and there’s no way to encrypt the security risks that individuals pose. Data encryption also reassures customers of a sites validity (not that they understand much about what is actually going on). So this new EV format is basically a marketing gimmick. They’ll give surfers an even greater sense of security by changing the browsers url bar green and charge an arm and a leg for something that doesn’t really add significantly to the actual security of the system itself.

The old feel good marketing tactic. I only wish there weren’t any merit in the customer assurance angle, then I could justify disregarding the whole matter out of hand. While born of good ideas and good intentions, I can’t help but feel like this is a high profile scam being perpetrated by a handful of high profile businesses to make money in a field that has become overly competitive.