Managing Your Identity on the Web
December 21st, 2006 (8:32am) Anne Zelenka 30 Comments
Many companies have moved to a single sign-on approach for their employees within the last few years, so that workers only need to log in once to access online systems like time and expense reporting, travel planning, and HR portals. The web worker who uses multiple web apps on the open Internet is left to her own devices to manage multiple user IDs and passwords, as the Web itself offers no single sign-on. This is both a security and a productivity problem, as web workers need to make passwords easy to manage and hard to crack. What’s a web worker to do in the absence of Internet-wide single sign-on?
Brady Forrest of O’Reilly Radar writes about an increasingly popular way to manage your identity online, OpenID:
OpenID is an identity system that allows you to have one username and one password for multiple sites. Your username is a URL. The password is whatever you choose (and like all passwords you should keep it secret). There are several different configurations that you can use to have an OpenID:
- You can use an OpenID service provider and use the provided URL on their domain (e.g. yourname.vox.com)
- You can run your own OpenID server on your own server with your own domain (e.g. yourname.com)
- You can use a hosted OpenID service with your own domain (e.g. yourname.com). Learn how for your site or blog.
Brady says that about 500 sites now support OpenID, but you’d have a hard time finding any of your favorite web apps on that list. Zoho now supports a single sign-on for all its online office apps, but that login is specific to Zoho, so doesn’t help you with your email or your online bookmarks or Ajax start page. Marshall Kirkpatrick of TechCrunch suggested that OpenID is “all too often a fringe looking grass roots effort” which doesn’t bode well for an Internet version of single sign-on.
Meanwhile, what’s the best way to manage your user IDs and passwords online? Of course you can just store passwords in your browser, use the same user name when it’s available so it’s easy to remember, and cross your fingers that it will all stay safe. Or you could try some of the password management tools like PasswordSafe, PassVault Password Manager, or RoboForm.
How do you manage your identity online? Do you use a password management tool?



30 Comments
Judi Sohn says: December 21st, 2006 9:22am
On the Mac OS X side, 1Passwd is a great choice and is very similar to RoboForm on the PC side (which is my choice there).
Will Sheward says: December 21st, 2006 9:50am
You should consider adding Agatra () to that list. It’s worked for me for the last year as a ‘password vault’ and you can click right through to the service you’re attempting to access if that service is supported.
Will Sheward says: December 21st, 2006 9:51am
oops, looks like I forgot to close a bracket :-)
justin says: December 21st, 2006 10:49am
Keychain Access does a pretty good job of this and comes as part of 10.4. There is a quicksilver module for it, too, which makes finding passwords easy.
Personally, I distrust applications that fill my password / info in for me. I like forcing myself to fill it in so I know what I’m giving to who.
Adam Kalsey says: December 21st, 2006 11:01am
I use a hash generator bookmarklet. When on a site that requires a password, you click the bookmarklet and enter your master password. The bookmarklet takes a portion of the web site’s URL and your master password and hashes them together using a one-way hash. It then inserts the password into the password fields on the page.
Instant high-strength passwords and all you need to remember is your master password.
The problem comes in, however, when you sign up at one address and need to log in at another. Or when you have an offline companion to an online app. That’s when Firefox’s Show Stored Passwords function comes in handy.
Adam Kalsey says: December 21st, 2006 11:06am
Oh, a link would probably be helpful…
http://labs.zarate.org/passwd_new/ or http://www.angel.net/~nic/passwdlet.html
Use one, not both. The passwords they create are different. The first one is better, the second is the original.
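The scheme described in the two comments above, sketched as an added example; it is not code from the original post or from either linked bookmarklet. It runs under Node.js rather than as a bookmarklet, and the last-two-labels site key, the use of PBKDF2 in place of a single hash, and the sample URLs are assumptions.

```javascript
// Added illustration of a "master password + site" password generator.
const crypto = require("node:crypto");

// "A portion of the web site's URL": here, the last two labels of the hostname.
// Naive on purpose: suffixes such as co.uk would need the Public Suffix List.
function siteKey(pageUrl) {
  const host = new URL(pageUrl).hostname.toLowerCase();
  return host.split(".").slice(-2).join(".");
}

// Derive the per-site password. PBKDF2 stands in for the plain one-way hash the
// comment mentions, so that one leaked site password is slower to turn into
// guesses at the master password. Iteration count and length are assumptions.
function sitePassword(masterPassword, pageUrl, length = 16) {
  const key = crypto.pbkdf2Sync(masterPassword, siteKey(pageUrl), 200000, 32, "sha256");
  return key.toString("base64url").slice(0, length);
}

// Constructed sample inputs.
const MASTER = "correct horse battery staple";
const signup = sitePassword(MASTER, "https://www.example.com/signup");
const login = sitePassword(MASTER, "https://login.example.com/session?next=/");
const otherAddress = sitePassword(MASTER, "https://example-accounts.net/login");
const otherMaster = sitePassword(MASTER + "!", "https://www.example.com/signup");

// Same site key, so the password can be regenerated on any page of the site.
console.log("signup vs login page:", signup === login);
// The failure mode from the comment: sign up at one address, log in at another,
// and the generator produces a different password.
console.log("signup vs other address:", signup === otherAddress);
// Nothing is stored: a mistyped master password silently yields a wrong password.
console.log("signup vs mistyped master:", signup === otherMaster);
```

Changing any part of the derivation (site key rule, hash, iteration count, output length) changes every generated password, which is why two generators built on the same idea are not interchangeable.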
Judi Sohn says: December 21st, 2006 11:33am
Justin (and Adam), that’s where something like Roboform or 1Passwd is so handy. They both put a toolbar in your browser and don’t fill in any forms until you click on a button in the toolbar to do so. They both have a master password for security. And Adam, best feature is that you can save multiple logins per page. So for example, I have 4 Gmail accounts. When I’m on the login page I just select the correct account from a drop-down menu in the 1Passwd or Roboform toolbar that already knows I want to fill in a Gmail account and the correct sign-in info is put in. You can also save multiple identities so if you fill in forms in a certain way when you’re doing something for work versus your personal life, you can switch back and forth. I don’t mean to go on, but both of these applications have been lifesavers for me. I don’t know how I did anything online without them.
Andy C says: December 21st, 2006 3:38pm
My company has firmly embraced SSO although I don’t quite understand why I still need to remember 7 passwords :-(
Rutger says: December 21st, 2006 4:37pm
You link to openid.*com*, however, the right address is http://openid.net/
cheers
Jeremy Latham says: December 21st, 2006 4:39pm
Or you could try Sxipper. Here’s an article I wrote about my Sxipper experience.
Island in the Net says: December 21st, 2006 4:53pm
Interesting article on Doc Searls on LinuxJournal discusses Single Sign-On and why the current approaches may never catch on.
ScottW says: December 21st, 2006 5:47pm
I’ve used RoboForm’s toolbar now for over a year and couldn’t live without it. I spend all day logging in and out of client accounts and my own. RoboForm allows me to press one button to go to a site, fill the appropriate username and password, and then submit the form. They allow up to 10 logins for free, I splurged and bought a license for $30 to handle about 65 logins. One of the few pieces of software I would ever call essential.
Anne Zelenka says: December 21st, 2006 7:42pm
Thanks, Rutger, I changed it to openid.net.
@Andy C: what’s up with that? you still have to remember seven passwords? Sounds like a seriously flawed SSO implementation!
@Jeremy, Island in the Net, Scottw: thanks for the links/info. All great stuff. This is clearly a topic that we should dig into more deeply at WWD. I’m especially interested in the Doc Searls article.
@Judi: sounds like you already have the makings of some reviews in your own use of the various password/form filler tools. :)
lnxwalt says: December 21st, 2006 8:25pm
I don’t use any automated tool. I have a small spiral pad that fits in my back pocket. One page has all the usernames and passwords I need at work (about thirty). The next page has my Internet usernames and passwords. Every two or three months, I tear out the old pages and rewrite with current information.
I have not found any automated tool that I trust enough to use for all fifty of my logon credentials.
pebblecreekposse says: December 22nd, 2006 10:37am
LNXWALT…That is what I did until I misplaced my spiral pad and nearly had a heart attack…after about 2 hours of panic I located it but had to drive 45 min back to get it where I had left it! Then just to be safe I changed all my passwords in my book and vowed never to have it leave my house again!
melissa says: December 22nd, 2006 11:09am
Good article. I will keep all those things in mind
xabier says: December 22nd, 2006 11:11am
Interesting topic; that way there would be more control on the web -understand? .)
Jason the Content Librarian » Identity: on the web and in the law firm says: December 22nd, 2006 11:52am
[...] In a somewhat related post, Web Workers Daily talks about managing your identity on the web using OpenID. I’ve been watching OpenID for awhile now, but haven’t seen any of my heavily used web sites implement it. But if the author of the original O’Reilly post is correct, and OpenID has a big year, it could mean big savings for organizations, and a much easier task for consumers to manage their many passwords. [...]
Truly Equal says: December 22nd, 2006 5:07pm
You know what I use? Firefox’s password master utility, on my personal computer of course. Only my wife knows my master password. And I NEVER store any password related to $$$ (bank, credit card, PayPal).
Another trick I use is just a portable USB drive with portable Firefox installed, again with the master password feature. The master password is changed frequently, and all pop-ups are disabled. I also run an antivirus, ClamWin Portable, straight off the USB, whenever I use the USB drive. No way do I want a virus to load while I’m browsing.
Just learn to use usernames and passwords properly. For instance, I organize my usernames based on tiers of importance. The most important tier, the $$$ section, has just 1-3 usernames and the toughest passwords. Lesser tiers, such as the newspapers and sites I read on the net, have 1-2 usernames and maybe 1-2 passwords, because I’m not as worried about those.
What I am worried about is any “roboform” application that fills everything for you. Don’t be a lazy ass, just use your brain and prevent Alzheimer’s along the way!
Hope this helps.
lnxwalt says: December 22nd, 2006 10:35pm
I used to use a PalmPilot, but I hadn’t backed up in a while and its battery died, leaving me with no record of anything (all my phone numbers and mailing addresses, passwords, and some e-mail addresses were only stored there). The aftermath convinced me that no automated password store will ever be trustworthy.
Now I have to say that I wish there was a trusted on the Internet where you could create a username and password that was safe and secure, but could be used almost anywhere as the only identity you need. Of course, it couldn’t be a commercial organization, because they would eventually start selling your information to marketers. It would need to be someone that everyone trusted to do the right thing.
But since no one is granting wishes, it is the spiral notepad for me.
Zigzo Zlinks » Blog Archive » Links for the Day says: December 25th, 2006 10:03pm
[...] Managing your Identity on the Web (good article) [...]
Acacia says: February 3rd, 2007 2:08pm
Not bad, it really can occur
MyVidoop Tries to be Everything You Need for Login Security « Web Worker Daily says: October 1st, 2007 6:00am
[...] We’ve been trying to figure out a way of managing all that data, securely, for a while now. OpenID has been embraced by many as the answer. Take a website you trust and that knows you (even your [...]
Web Worker Daily » Archive OpenID: Is it Time to Care Yet? « says: January 18th, 2008 11:00am
[...] 18th, 2008 (11:00am) Mike Gunderloy No Comments We last took a serious look at OpenID about a year ago. At the time, we pointed out that “you’d have a hard time finding any of your favorite web [...]
Web Worker Daily » Archive OpenID Marches On « says: April 24th, 2008 2:00pm
[...] written about OpenID, the growing standard for universal login across web sites, several times. If you’ve gone to OpenID, two new developments are worth a quick [...]