What Does This Mean to Me, Laura?


Post Categories


What Does This Mean to Me, Laura?

Blogs

Signing in with ONE account

5th January 2009

openidOne of the most common complaints I’ve heard about using various web services and social networking sites is the need for multiple accounts; multiple user names, multiple passwords, multiple things to forget.  Who hasn’t used those handy “Forgot your password?” links at least once (or fifty) times?

The dream of many web users is the idea of having only one account to sign into multiple services.  (Nope, you’re not the only one to have thought of it.)  One mainstreamed answer to this need has been OpenID.  This allows you to sign into multiple web sites with just one set of login information.  OpenID is already in use by Google, Microsoft, MySpace, Yahoo, Plaxo and other major players on the social web.  But you haven’t heard of it, you say?  Unfortunately, OpenID has been tied up by several issues for some time, including branding discussions and poor usability.   It’s here, it’s in use, but apparently it can confuse a lot of people.

Another entity has solved the usability problems:  Facebook.  However, their solution is closed and proprietary, an internal solution that doesn’t use the OpenID platform.  This means, firstly, that you have to have a Facebook account to use it and, secondly, that it doesn’t play nice with everyone else using the OpenID standard.  However, their solution is much simpler.  Sites that are using Facebook Connect for logins just offer up a big blue button that the user clicks, and then signs in with their Facebook login information.

While OpenID is more available (at least for now), it can be confusing because it allows you to login to a site by typing in a URL, rather than a username/password combo.  The site then references that URL to get what it needs to log you in.  In addition, many people already have an OpenID and don’t know it.  Chances are you might be one of them.  Already have an account with Flickr, Blogger, WordPress.com, Yahoo or a host of others?  Then you already have an OpenID.  Surprise!  If you don’t have one but want to get one or start with another identity, go to MyOpenID.com.

Several high-profile web sites will shortly begin using the competing Facebook Connect service, including Digg, Hulu and Discovery.com.  There is already speculation that, if OpenID doesn’t work out the kinks, that it may never catch up to Facebook Connect.

What does this mean to me, Laura?

  1. If you require users to have accounts and login to something that is compatible with OpenID (e.g., a WordPress or Blogger blog), it would be a good idea to enable OpenID for those users who choose to use it.
  2. While Facebook Connect is probably easier to use, it is still dependent on the user having a Facebook account.  It also is part of a closed ecosystem that does not work with OpenID.
  3. Keep a close eye on these over the next several months; I’m betting there will be a clear winner by the end of 2009.
  4. To learn more:

Comments

  • Jim Kenzig
    Posted at 12:47 pm January 5, 2009
    Jim Kenzig
    Author

    I am really frightened of these type of services. It only takes one good hacker to get into their database and they have thousands (millions?) of passwords at their disposal. One other such service I tried is Myvidoop https://myvidoop.com/ which was OK but again left me uneasy. I certainly would not use it for any banking sites.

    I also started to play around with the financial (quicken type of sites) like Mint.com I added one bank account to it but quickly stopped using it after my web login to my bank account got locked out.

    There are some great applications for corporate networks like Citrix Password Manager that allow people to do this that are a little more secure but I still get very nervous having all of my passwords in one place.

    The best solution to remember passwords on the web is to follow this advice. Pick a keyword lets say Chicken.
    Now when you sign up for an account at a site lets pick yahoo add the name of the site after your keyword for your password. Chickenyahoo for example. Get it? If you know what site your are on you always know your password. If they require a number just put one that you like at the end or the middle Chicken1yahoo or Chickenyahoo1. Google would be Chickengoogle etc. etc.

    It works a charm.

  • Batarang
    Posted at 8:19 pm January 20, 2009
    Batarang
    Author

    I agree with Jim. Using some sort of personal algorithm seems to be the best option for me, and security experts like Steve Gibson agree (check the podcasts), although some more recent episodes aren’t throwing out OpenID as a viable, secure system of sign-on. A nice free utility that is also portable is KeePass.

Comments are closed.