5 April 2009

How many passwords do you use?

Forgetting yet another username and password for a site, I started thinking about all the times I enter my personal information into websites across the world. I have more accounts than I can count; some I use for work; some are personal; some are used so infrequently I'm not sure I can remember what my usernames or passwords are; some accounts I've probably forgotten I ever created.


So how, as a web user, do you manage all this? I know some people are tempted to use the same username and password for all their accounts, but as a former web developer, I am aware how shockingly easy it is to knock up a reasonable phishing site (not that I ever would), so I'm very cautious and manage multiple accounts for different sites. I would hate to have one account compromised that then allows access to the rest of my accounts on the web.

So what might be the solution? Well, I'm hoping it's along the lines of OpenID, where you manage your identity centrally and allow sites access to the relevant parts of that identity. There are many benefits to both businesses and users for having a standard for account management - surely it must save costs for a business? It certainly gives a better user experience as you can get going on a site quickly without having the additional effort of creating an account every time.

Also what concerns me more is that for every separate account you create, your identity is sat on another database in some data centre somewhere in the world. That's just another place where your identity can be misappropriated or even lost from - there have been far too many occurrences of that in the UK recently.

I've had an OpenID since it was launched but so far the uptake with websites has been slow. So there aren't that many sites where I can use it - though having an OpenID option does influence which sites I choose. However, I am optimistic that OpenID is growing - Facebook and PayPal have just joined the OpenID Foundation Board. Earlier this year AOL, Google, Microsoft and Yahoo signed up and implemented OpenID logins on some of their sites. If you want an up-to-date list of where you can use your OpenID then visit the directory on the OpenID site.

At the moment, the organisation I work for haven't considered using it with our systems and sites as we already have a single password synchronised across multiple systems, but it is certainly something I am keeping my eye on. I think if it becomes a more widespread way of managing identity the organisation will need to make it work alongside our existing account management processes.

Now I realise that isn't completely foolproof as you're still open to phishing attacks and identity fraud, but it has to help us 'humans' who can only remember a limited number of pieces of information at any one time? Let alone multiple username and password combinations on top of remembering to call at the shop on the way home and buy milk.
