He didn't mention ISPs. He said email accounts were an example of lowered tiered accounts. I didn't understand that. To me, most email accounts are ISP email accounts and that is why I challenged his comment that ISP email accounts are massively hacked. I don't think they are.
As for OpenID, I don't see how that could be used to login into your ISP's say 10 to 25 email accounts that you have set up. I have to set up each email account I have (including my dslr email account) in OE, in SeaMonkey mail, and in Opera mail and I have to supply the password for each account when setting it up in these email clients that I use. I can't use any password for dslr mail except my dslr site password. As for my ISP's email accounts (10-25 available based on either standard or Turbo speed), I had to supply a password for each account when setting it up in Road Runner Member accounts page. The Master RR email account is never used as it has the user's name in it rendering it useless if you are the least bit privacy conscious as you cannot change that master account to remove your name and id from it. How would I use OpenID as a password for each of these accounts? It is not possible. I never type the passwords after setting up each account. My browsers that have email clients and Outlook Express remember the passwords. I avoid like the plague having to use RR webmail which AWFUL. I use SeaMonkey, Opera, and OE mail and I get all accounts including dslr in those email clients.
I still don't know what he is getting at and that is why I asked. Why would I need OpenID for email accounts? And how would OpenID make it easier than it already is to have SeaMonkey, Opera or OE check for new mail? I guess my puzzlement is due to his saying email accounts are "lower tier" and thus prone to hacking. My ISP has never had email accounts hacked as far as I know (although DSLR has been hacked and I am so thankful I was not one of the victims and I wish Justin would follow through on his promise to fix it since my password here is the same as my dslr mail password and we can't have a different password for dslr mail) and what does "lower tier" mean?
My point to him was that if you only type your ISP's mail accounts passwords when you first set them up and then you have your email clients (be that OE or web browsers, etc) remember them for you why would you ever be tempted to use them as your login on some website? I don't understand that at all. The only way a hacker could get your various ISP email account passwords would be if he/she hacked Road Runner gateway email servers or hacked RoadRunner User Accounts. I have never heard of that happening. I can see though if you have an email account here at dslr AND you used your dslr password at other sites then, sure, you could be in a world of trouble because Justin has still not fixed the problem. But how many people have email accounts at dslr and of those when this site was hacked most who posted in the thread about it said they did NOT reuse their password here anywhere else partly because it is same password for email here as for the site itself and it would be stupid to reuse it.
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
not in ohio
said by Mele20:
He said email accounts were an example of lowered tiered accounts.
No he did not.
said by Krisnatharok:
Many people have lower tiered accounts compromised--say an email address and password.
An 'email address' is not 'an account'. An email address is an email address. Many sites that provide accounts use an email address as an identifier for an account, but that does not make the email address equal the account, nor does it make the account equal the email address.
By 'lower tiered' I assume he means an account you don't much care about: e.g., I have an account at crucial.com, identified (I think) by email address, because I needed to ask a support question one time. Or maybe he means an account at a site where they don't have industrial-strength security because they're not really dealing with high-value data (which is the same thing to me as an 'account I don't much care about'). Either way, I don't much worry about breaches there, but it would expose my email address, though not any password I cared about.