On 01/30/2013 08:40 AM, Nux! wrote: > On 28.01.2013 13:07, SilverTip257 wrote: >> Google Auth >> http://www.noktec.be/archives/1351 >> http://zonereseau.com/en/post/two-factor-ssh-authentication-via-google-secures-linux-logins-392 >> http://prasys.info/2012/10/two-way-authentication-for-wordpress/ > How can one be concerned with security AND put his login at the mercy > of google (or any other 3rd party)?? It depends on what the 3rd party is doing. In the case of PKI, the 3rd party is providing an attestation service. This is normally good, and presents little risk to the user(s). Exposure to tracking usage would be if OCSP (online cert checking, I suspect I got the wrong letters here) is used. In the case of federated password identities and things like SAML and JSON, security CAN be good, but tracking is high. Disclaimer: I am in the 3rd party authentication business. I am involved with Verizon's UIS (do a Google search on it :) ) and PKI.