Why the world needs OpenID (and why it shouldn’t be totally universal)
OpenID is making big news lately, with companies such as Technorati, AOL, WordPress, and Microsoft behind it. This is nice and dandy, but how does it really benefit the typical, casual, internet user? A lot of people that I know, that claim to be ‘web 2.0‘-savvy, have dozens, or even hundreds, of accounts spread across multiple websites, with a large number of that comprised of simply registering an account to test out a new web 2.0 service. So, it isn’t too difficult to imagine that the need for OpenID is high in this particular space.
What about everyone else?
But, what about everyone else, who don’t have as many accounts spread across as many websites? I’ve talked to several people, and for a long time now, I know that they find it stressful to even have to remember a handful of passwords; for their email, Amazon, Yahoo, etc.
Today, actually, the topic of OpenID came up during lunch with a few friends who weren’t aware of any ‘web 2.0 movement’ going on, so it’s fairly safe to say that they are your typical web user. They were talking about how they have to memorize so many different usernames and passwords for different sites that they use, including Gmail, Google Calendar, and Flickr. This was when I brought up the solution of OpenID and how can it benefit us all, and I talked about the general spiel, such as how you can basically use a universal login for several websites without memorizing a separate username and password for each one.
Isn’t a universal login UNSAFE?
And then, one of my friends brought up the issue of using OpenID for banks, administration sites, corporate pages, and any other sites that require higher levels of security. What people need to understand is that OpenID will never be a totally universal login system – not the way it is now, anyways. It is definitely useful if it were to be implemented on such sites like email sites, photo sharing, social networks, etc. but that’s generally as far as it should go; corporate, admin backends, and any other sites with more sensitive data should still use their own login systems (which I’m pretty certain that they will continue doing that, but some people need to understand that OpenID won’t be taking over those responsibilities). It’s just common sense, too!
All in all, though, it’s great to finally see OpenID being adopted by so many websites. I’m currently working on an admin backend for some of my own sites, and those will definitely have their own login systems, but I’m also looking to implement OpenID in some of my own websites that allow open registration to the public, in conjunction with the already existing registration method.
Popularity: 13% [?]
Trackbacks
Use this link to trackback from your own site.
My concerns with OpenId are kind of similar to my fears of Microsoft passport … one key to unlock them all?
Chris, at least it’s decentralized, which is one of their primary focuses. When you choose an OpenID provider, just make sure that it’s not an evil corporation, then
Also, if you really are very paranoid, you can always make your own website an OpenID provider, meaning you provide yourself with OpenID services. Neat, eh? 
Truly is neat but I think I will keep some seperation between fun and money accounts just in case
Chris, that’s why I say to NOT use OpenID for money accounts!
I don’t care of OpenID has access to, say, my Magnolia account, but I wouldn’t give it access to my Wesabe account, for example.
Why not just stick to one username and password for each site instead (assuming your username is unique enough that it won’t get taken by someone else)?
[...] Why the world needs OpenID (and why it shouldn’t be totally universal) – King Gary OpenID的应用是一个趋势,但是openid帐号系统会被所有的网站完全接纳而放弃原有的帐号系统吗?不会。 使用Openid发表评论 — Trackback地址 本文发表于Sunday, March 11, 2007,归类在 文章收录. 收藏本文 [...]
Personally, I prefer Nic Wolff’s solution. He’s written a javascript bookmarklet that will generate a unique password for a site based on your “master” password.
It doesn’t suffer from the single-point-of-failure problem that OpenID does, but still lets me use the same password for every site.
There are several implementations of it. My favourite is from GFX Monk.