A Single Sign-In for All Your Websites? Google Hopes So
It's one of the basic tenets of online security: Never use the same password/username combo for every website that requires one. The logic is sound, of course. A single security breach could expose your most private information -- such as banking and credit card numbers -- to the bad guys.
Problem is, who can remember multiple passwords and usernames? Many times I've signed up for a service, returned to the site a few weeks later, and quickly realized that I couldn't remember my login details.
Google and other major online players, including AOL, Facebook, Microsoft Plaxo, MySpace, and Yahoo, are pitching a simpler alternative: A single password/username combo, such as your Google or Yahoo ID, for multiple sites. The concept, based on the industry standard OpenID 2.0 protocol isn't exactly new. In fact, Google announced over a year ago that it would support the single single-in plan.
However, industry support appears tepid for OpenID, as many popular sites still don't accept an OpenID login. Perhaps that's why The Official Google Blog on Tuesday beat the OpenID drum, and gave a quick run-through of how the service might benefit Facebook and Plaxo users.
A Gmail user who receives an invitation to use Facebook or Plaxo, for instance, won't have to create a new account for those services, but rather can log in using a Google ID:
As the Google Blog points out, this simplified sign-in eliminates a tedious, multistep process for Gmail users who join Plaxo. It's more secure too. Verification (in this example) is handled by Google, so Plaxo never sees your username and password. "Since you don't have to enter your password on additional sites, your password remains closer to you and is less likely to be misused," writes Google security product manager Eric Sachs.
OpenID is a great idea, but wider acceptance is needed for it to become truly useful. I suspect that Yahoo, Microsoft, and Google aren't truly comfortable with a single sign-in approach for their key properties. Today, for instance, I can't use my Yahoo ID to sign into my MSN account, nor can I use my Windows Live ID to enter Yahoo Mail.
In the mean time, I better work on my memorization skills.
Contact Jeff Bertolucci via Twitter (@jbertolucci) or at jbertolucci.blogspot.com.
PC World
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
PC World
Powered by TwitterOn Twitter now
PC World
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
