Failure of OpenID? Reply to Dare Obasanjo's Post




The following is my comment to Dare's blog post.

In my opinion, there is a need for a service similar to OpenID for the sites that you use regularly (every day).

1. use the same username/password for multiple sites
Using the same username and password is similar to having OpenID, but it gives you the pain of retyping your credentials on each web site (sometimes it is not only login credentials but also your address, phone, photo, etc.). If you change one of your passwords (or other information), you have to go and change your password on all of your registered sites.

2. use their browser's ability to remember their password (enabled by default)
First of all, I use multiple browsers and computers, and sometimes other people use my browser (computer) as well. If I clear the cache (forget passwords) of my browser or use another computer, I need to sign in to all the web sites again.

3. don't register for the new site
I do agree on this; there should be a trial sign-up with your OpenID, like a temporary ID which you can use to assess the web site's quality and usefulness. Similar to Facebook Connect, the user should be able to limit the information the site can use.

4. don't ever log in to the site
In most cases you need to log in to a web site in order to do something.

5. log in once, click "remember me"
"Remember me" writes your information to cookies, and cookies have a lifetime. In addition, it has problems similar to those in 2.

6. click the back button on their browser and never come back to the site
Happens every now and then.

7. maintain a list of user IDs and passwords in an offline document
That may seem like a good idea for now, but in my opinion this is not a good way. Updating this document is crucial, especially if you have hundreds of username/password pairs. I don't even want to talk about losing that document, which is possible as well.

What is bad about having only one password and username?
From my point of view, the only problem with the OpenID idea is the single point of failure. If you lose your password, you are in trouble, since someone can access all the web sites you have access to with your privileges. On the bright side, once you think someone has stolen your password, you just need to change it on the main web site and it will affect all other web sites. Moreover, there are security solutions for logins, such as sending a confirmation SMS (text) to your mobile phone.

In light of what I have said, having one username and password pair and being able to use it on many web sites is convenient for me, as long as the provider is reliable and gives an additional privacy option for each web site that you will use it on.

Why did OpenID fail?
In my opinion, one of the problems of OpenID was marketing and bad implementation, like Microsoft Passport. Google and Facebook are implementing this concept in a better way, and I have been using their services for a while.
