OpenID is a good idea; you log on once and once you are logged on, you are authenticated against your active credentials. The idea is simple and it makes the password hell manageable.
Passwords are a pain because there are too many places where you have to maintain them. When the Wikimedia Foundation introduced Single User Logon, it was great because it replaced 435 websites where I had a password with only one password.
I want to reduce the number of places where I have to enter a password because this provides me with more control over my profile and my security. I would prefer it if I could use my banks strong authentication to authenticate to my OpenID.
The problem is I cannot. I love it when the BBC writes: "Easy login plans gather pace" but for me the reality is different. I do not care that Yahoo, Paypal, IBM, Google are a supplier of OpenID, I want them to accept my credentials when I log on to their website(s).
Support of OpenID means first and foremost that you ACCEPT authentication. What I want is OpenID everywhere including Wikipedia because otherwise it is just a distraction.
Thanks,
GerardM
2 comments:
(Warning: blatant plug)
Right on! OpenID should really about websites consuming IDs - not just being a provdier.
I'd also like to mention
Glynx - an OpenID solution that works p2p from your PC without passwords - so no server stores your userid/passwords anywhere.
Greg.
OpenID in it's current form looks like a security nightmare, as it's just asking for phishing traps.
You & I may not fall for it (though it's best not to be over-confident) but a less tech-savvy friend or relative just might.
Post a Comment