Sunday, February 22, 2009

OpenID is a good idea, but how to use it really?

OpenID is a good idea; you log on once and once you are logged on, you are authenticated against your active credentials. The idea is simple and it makes the password hell manageable.

Passwords are a pain because there are too many places where you have to maintain them. When the Wikimedia Foundation introduced Single User Logon, it was great because it replaced 435 websites where I had a password with only one password.

I want to reduce the number of places where I have to enter a password because this provides me with more control over my profile and my security. I would prefer it if I could use my bank's strong authentication to authenticate to my OpenID.

The problem is I cannot. I love it when the BBC writes: "Easy login plans gather pace", but for me the reality is different. I do not care that Yahoo, PayPal, IBM and Google are suppliers of OpenID; I want them to accept my credentials when I log on to their website(s).

Support of OpenID means first and foremost that you ACCEPT authentication. What I want is OpenID everywhere including Wikipedia because otherwise it is just a distraction.


Greg Rolan said...

(Warning: blatant plug)

Right on! OpenID should really be about websites consuming IDs - not just being a provider.

I'd also like to mention Glynx - an OpenID solution that works p2p from your PC without passwords - so no server stores your userid/passwords anywhere.


Chris Watkins said...

OpenID in its current form looks like a security nightmare, as it's just asking for phishing traps.

You & I may not fall for it (though it's best not to be over-confident) but a less tech-savvy friend or relative just might.