One ID to rule them all
The daunting dream of a day when you’d need only one user name and password to traverse a multitude of Web sites is a little closer to real today. Yahoo announced its support for the OpenID 2.0 digital identity framework for all of its 248 million active registered users worldwide. Starting with a trial period that begins Jan. 30, those with Yahoo accounts will be able to use their ID for access to any other site supporting OpenID. The move will immediately triple the number of people able to use the system, which aims to become the standardized platform for decentralized, secure, portable identity.
Still, there’s a chicken-egg problem to get past first — to encourage more sites to participate, OpenID needs more active users, but to get more users active, more sites need to accept OpenID. Says Mark Evans, “The problem is that OpenID has become a lot like Bluetooth — it looks like a something that should really resonate with people but hasn’t panned out. My sense is you can have all kinds of big online players jump on the bandwagon but unless OpenID’s benefits are well-explained, it will continue to languish.”
I have gotten to where whenever a website or service wants me to register and set up a password, I just click away from it!
I’ve just tried to read any reasonable explanation of security tradeoffs… and OpenID still sounds very, very PHISHY. It doesn’t sound like a good thing to use. If anybody has some well thought arguments for it please post here.
Agreed, sites abuse the whole login thing these days to the point where I just avoid the ones who want me to register… there’s always an alternative that doesn’t require it.
They only do it out of laziness, they can’t be bothered to use more sophisticated spam prevention.