{"id":298,"date":"2008-03-14T20:35:57","date_gmt":"2008-03-15T01:35:57","guid":{"rendered":"http:\/\/unitstep.net\/blog\/2008\/03\/14\/openid-pros-and-cons\/"},"modified":"2008-03-14T20:35:57","modified_gmt":"2008-03-15T01:35:57","slug":"openid-pros-and-cons","status":"publish","type":"post","link":"https:\/\/unitstep.net\/blog\/2008\/03\/14\/openid-pros-and-cons\/","title":{"rendered":"OpenID pros and cons"},"content":{"rendered":"
<\/p>\n
When I first heard of the OpenID<\/a> concept back in 2006 it seemed like a novel idea that would go well with the increasing prevalence of web services and applications. Most of these services require registration, and who could possibly remember different passwords for all of them without using a specialized tool<\/a>? Instead of using the same password for every site, OpenID presented a solution to allow you to organize your online accounts under one login, using the concept of Single Sign On (SSO)<\/a>.<\/p>\n It seemed like a daunting task. Up until that point, single sign-on had had limited success on the web. Microsoft’s Passport system, since rebranded as Windows Live ID, had mixed success with popular websites such as eBay and Monster, and both of those eventually discontinued support. It appeared that they did not like having their user base under the potential control and monitoring of a third party. OpenID aimed to solve that by being, well, open. Just as any website could support OpenID login, there could be a multitude of OpenID providers<\/em> that would allow you to obtain an OpenID-enabled URL<\/acronym>, which would form the basis for your online identity. <\/p>\n <\/p>\n With these benefits in mind, I quickly signed up for an OpenID account using myOpenID<\/a>, which is a popular provider run by JanRain. (JanRain was an early adopter of the OpenID technology.) I mainly used it for my Zooomr account, but also used it to conveniently try out other websites that required registration but also supported OpenID-enabled login; not having to register for these sites was nice.<\/p>\n But having so many accounts under the umbrella of a single login is both OpenID’s biggest strength and weakness. Without OpenID, if you forgot the password to one of your accounts, only access to that website was affected – the same could be said if someone found out the password, as long as you followed best practices by not reusing passwords. 
With OpenID, if you lose access to your single sign-on account, your entire online identity is potentially nixed. Additionally, the login process is a bit convoluted, and seems particularly susceptible to phishing attacks because of this.<\/p>\n \n I ran into this problem back in January. I went to log in to my OpenID account and found that I had forgotten the password. I soon remembered that I had changed it during the holidays; this probably happened just before I fell extremely ill and was basically in bed for two or three days straight. Because of this and my stupidity of not associating an e-mail address with my OpenID account, I had completely lost access to it, and by extension, my Zooomr account, where I had a small collection<\/a> of photos. <\/p>\n I decided to contact the operators, JanRain<\/a>, and explain my situation. Clearly, they would have no proof that I was the owner of the account, and would be well within their rights to ignore my requests. However, they were quite helpful – after asking me a few personal questions related to my account, they relinquished control back to me. Kudos to MyOpenID for taking responsibility even though the USEFUL service they’ve been offering has been free. From my experience, they clearly understand the responsibility of being a single sign-on provider in a globally-federated environment. <\/p>\n Obviously, the loss of my password and not bothering to associate an e-mail address with my account for recovery (which I have since done) were mistakes of my own that contributed to the predicament. But it does highlight the importance of keeping your online account secure, especially if it is an SSO account controlling access to a multitude of other online services. <\/p>\n Despite the potential pitfalls, OpenID support is growing. In addition to Yahoo becoming a provider<\/a>, it appears that Google, Microsoft and Verisign<\/a> will also be coming on board. 
With support from these big names, it appears that OpenID is here to stay. <\/p>\nConvenience, but watch out for the pitfalls<\/h3>\n
\nOpenID\/myOpenID: Access to many different websites, all from one login<\/span>\n<\/p>\nSupport is growing<\/h3>\n