{"id":1116,"date":"2009-11-04T04:15:31","date_gmt":"2009-11-04T09:15:31","guid":{"rendered":"http:\/\/alsplace.info\/passwords\/1116\/forget-those-passwords-literally-thanks-to-openid\/"},"modified":"2009-11-04T04:15:31","modified_gmt":"2009-11-04T09:15:31","slug":"forget-those-passwords-literally-thanks-to-openid","status":"publish","type":"post","link":"https:\/\/alsplace.info\/?p=1116","title":{"rendered":"Forget Those Passwords – Literally (Thanks To OpenID)"},"content":{"rendered":"\n\n\n\n\n\n
\"TechTips<\/td>\n<\/tr>\n
<\/p>\n

Forget Those Passwords – Literally (Thanks To OpenID)<\/h1>\n

By Scott Nesbitt – October 11, 2009<\/p>\n

<\/a><\/td>\n<\/tr>\n

\n

You might recall a previous TechTip<\/a> that looked at software you can use to wrangle all of the passwords you have for your favorite Web sites and Web services. Those apps are a good solution, but what if there was a way to securely log into multiple sites using only one ID?<\/p>\n

That's not a pipe dream. And it isn't a matter of using the same user name and password for everything (remember, I said securely<\/em>). A technology called OpenID offers that promise, and is on its way to delivering it.<\/p>\n

What is OpenID?<\/h2>\n

OpenID isn't software. The OpenID Foundation<\/a>, a non-profit which works towards the adoption and spread of OpenID, describes it as a decentralized standard for user authentication and access control, allowing users to log into different services with the same ID<\/em>. Another way that people describe OpenID is single sign-on (SSO)<\/a>.<\/p>\n

OpenID, though, does one thing and does it well. It authenticates<\/em> users, confirming they are who they say they are.<\/p>\n

You don't need to worry about having a unique user name and password for each and every site that you need to log into. Instead, your login credentials (called an OpenID) consists of a URL – like http:\/\/MySecretID.myopenid.com\/ – that's yours and yours alone. An OpenID provider, a site or server that hosts your URL, ensures that your OpenID is authentic.<\/p>\n

The URL acts as a universal user name. The only password you need is the one that you use to log into your OpenID provider.<\/p>\n

Who controls OpenID?<\/h2>\n

No single individual, company, or organization controls OpenID. The technology behind OpenID is Open Source. There can be any number of OpenID providers. In fact, if you have the technical expertise you can set yourself up as a provider and run what's called an identity server<\/em>. You can learn more about doing that here<\/a>. That's also a double-edged sword, which I'll discuss in a moment.<\/p>\n

That said, it's not like the folks working on OpenID are lone programmers in the wilderness. A number of well-known tech companies back and support OpenID. Companies like Google, Yahoo!, VeriSign, and Sun Microsystems.<\/p>\n

Using OpenID<\/h2>\n

Using OpenID sounds difficult. It isn't. It just requires you to change the way in which you think about logging into Web sites and services. Luckily, that shift isn't a big one.<\/p>\n

First off, you need find an OpenID provider and sign up for an account. If you're looking for one, this is a good resource<\/a>. Most of the people I know who use OpenID tend to opt for one of the following providers:<\/p>\n