Just one ID?

OpenID crops up quite often in the blogosphere. While I can see the point to a certain degree, there are also issues of merging upmteen accounts into one. Stephen Downes is a strong advocate, though I can see the points that Langhoff raises in the comments regarding security (particularly after the news of the loss of two crucial discs in the UK, and issues surrounding data in Facebook BBC and The Independent). Now, it seems that the idea of a Universal avatar is being worked on by IBM and Linden Labs.

3 thoughts on “Just one ID?

  1. I do have an OpenID account, but have found so few places supporting it that I think there is probably only one of my accounts affiliated with the OpenID account.

    As an alternative I use an open source programme called KeyPass to generate and track fairly random passwords. The KeyPass database is encrypted using one Master password, which I make sure is very long but rememberable, and this seems to work very well. Even if someone does manage to lift one or to sets of details through Phishing or hacking someone’s database or through incompetence on behalf of some system admin, the passwords are pretty unique, so the damage is limited.

    The Universal avatar could be interesting though…

  2. I’ve got a few sites that say that they use OpenID, but I haven’t really used it, due to the fact I’ve already got accounts on them…

    I’ve seen keypass – and the fact that it can run from a memory stick seems useful. However, I’ve already got a password protected access file with that sort of information in – and I’ve used http://www.sloppycode.net/tools/password-generator.aspx to generate readable, but gibberish, passwords. That combo works for me!

  3. Well, of course data security is a big topic but not only in the realm of OpenID. With OpenID though you also could choose a provider you trust plus you might be able to use stronger protection mechanisms than just one password such as a SSL certificate or even some biometrical device.

    Now I haven’t really red the spec (but should do so) so I am wondering if you bascially have access to all your users sites and account if you are the openid provider.

    For OpenID to take off of course more adoption is needed, that’s why I don’t stop doign advertising for it and asking every startup if they have implemented it already 🙂
    (some even do).

Leave a Reply

Your email address will not be published. Required fields are marked *