I have several hundred usernames and passwords for all the various websites and services I use online. They include banks, blogs I write, services such as Basecamp, and shopping sites such as TradeMe and Amazon.
It’s bad form (and unsafe) to use the same name and password for all of them. But even if I wanted to, some assign passwords, and others require a minimum length of name, or that the password contain a punctuation character the others won’t allow.
Memorising hundreds of username and password combinations is just not feasible for most of us mere mortals, so something needs to change.
That’s where OpenID comes in. It’s an initiative that’s starting to take hold, with increasing numbers of websites taking advantage of it.
You first establish your identity with a trusted OpenID provider (free).
When you visit a site that needs you to log in, instead of creating or using a unique username and password just for that site, it sends you along to the trusted OpenID provider.
You log in there, confirm you wish to visit the site, and the OpenID provider and the website you’re trying to visit exchange confidences. After a moment or two you find yourself back at the original site, all logged in and ready to get on with your visit.
A real life comparison
The real life comparison is with the Reception desk at a secure building. You turn up at Reception, prove yourself, and sign in. The receptionist converses with the person you’re visiting and then gives you access to the lift and the office you’re trying to visit.
On the one hand, you don’t get to know the secret codes for the lift or the various doors. On the other hand, the person you’re visiting trusts the receptionist to make sure you’re not just some riff raff with no right of access.
The receptionist is playing the role of the OpenID provider.
Where to sign up
It’s very easy to obtain an OpenID, and in fact you may already have one without realising it. If you use Flickr, WordPress.com, Yahoo, or some other services, you may find you already have an OpenID.
At each service you use, try looking under Account or Profile options for any mentions of OpenID.
Where to use OpenID
Unfortunately OpenID isn’t yet universally available. About 10,000 sites have so far implemented it. They include Basecamp, Wikispaces, Ma.gnolia, Technorati, Wikitravel, WordPress.com and Geekspeakr.com.
Next time you log in to a site look for a link to an alternate OpenID login. You may find that before you can use an OpenID login you need to go into your account settings on that site and provide your OpenID information.
It sounds like a bit of a hassle at the moment, but as more and more sites transition to using OpenID it will become easier and easier.
It’s worth signing up for OpenID now and claiming a good name.
Simon Willison gave a very interesting talk at Webstock 08 called OpenID and decentralised social networks. You will need a broadband connection to download audio or video of his talk.
Written for and reproduced from CommunityNet Aotearoa Panui, April 2008.