My Thoughts On OpenID
OpenID is a decentralized open source platform which allows people to create services to provide users with a single log-in/ID for the web. While I feel the platform has a lot of potential I do have some concerns regarding security and standardization of services/functionality.
My main concern is what these services are doing to protect your single online identity. If the goal of this project is to provide Internet users with only a single online identity which can be used on various sites, then I really do hope the securing of your data is bumped up a few notches than the norm. From what I have seen they do take extra measures (at least the services I looked at thus far). The way the current security is setup on a per account basis (on myvidoop – I’m not too sure about every other service) is that a user selects a three categories which they must remember the order selected and the category itself and enter in an access code which may not always be the same. Myvidoop offers a Firefox plug-in to help manage those access codes (passwords), in an attempt to help rectify the problem of remembering, but if that’s the case why not just use a traditional password manager?
My other concern is that of standardization since this is a decentralized platform and anyone can set one up what happens if you want to switch to another one of these OpenID providers? How does that work? I think the providers should have some kind of standards in terms of services they offer and one of those being a way to export your OpenID in a format which can then be imported into another OpenID provider which would eliminate the pain of switching if you should ever choose or have to.
While the whole decentralized platform is a good idea, it always makes me worried that a.) there could be an issue of phishing sites setting up these OpenID services and harvesting users information and b.) that these services can easily just disappear into thin air without warning.
For now, I think I’m just going to stick with the traditional user name and password methods of logging in to web sites.
Do you use OpenID? What do you prefer? Leave a comment!