I have too many passwords. Blogger (this thing), Facebook, Amazon, eBay, my bank…. the list goes on and on. Since I am a bear of very little brain, the likelihood of me reusing a password is quite big, and since most websites are a little bit bad at keeping information safe, one day someone will work out that one of my favourite passwords is … not worth disclosing here (I might need it some day).
I remember when I first got Muffett’s Crack running on a lab of Sun 4 workstations, I was highly amused to see some of the lecturer’s passwords (for example “yelnats” – first name backwards, or “brasenose” – name of his undergrad college). Crack is no respecter of position or status! So, we ask ourselves, what does all this UNIX fun of 20 years ago have to do with life on the grid nowadays?
Too many passwords, the pressure to create (and remember) lots of accounts (what was that password I created months and months ago so that I could look up flights for a friend?). The solution appears to be OpenID. Very simply, OpenID eliminates the need for multiple usernames across different websites (or as I’ve pointed out above, the same username and password – worse still). It came about as a bright idea from Brad Fitzpatrick, the developer of LiveJournal, who one day wondered why people couldn’t just say “rather than create yet another account, use my LJ credentials to log me in”. Very quickly this idea grew and now many providers, including VeriSign, and myOpenID, provide dedicated OpenID. You may already have one, if you have one of these providers. VeriSign also give you a little tool to sit in your firefox bar making the whole process point-and-click easy. It’s free, too.
You can use your OpenID on any one of a growing number of sites (nearly ten-thousand) which support OpenID. If one of your favorite sites doesn’t support OpenID yet, ask them when they will!
Here are some places you can visit to see where you can use your OpenID to log in today:
I think this is a good idea – rather than details being scattered all over the internet, then there is a small number of safe repositories that I trust, who will secure the information I give them, and then act as a trusted authenticator for all the other websites.