Many companies have moved to a single sign-on approach for their employees within the last few years, so that workers only need to log in once to access online systems like time and expense reporting, travel planning, and HR portals. The web worker who uses multiple web apps on the open Internet is left to her own devices to manage multiple user IDs and passwords, as the Web itself offers no single sign-on. This is both a security and a productivity problem, as web workers need to make passwords easy to manage and hard to crack. What’s a web worker to do in the absence of Internet-wide single sign-on?

Brady Forrest of O’Reilly Radar writes about an increasingly popular way to manage your identity online, OpenID:

OpenID is an identity system that allows you to have one username and one password for multiple sites. Your username is a URL. The password is whatever you choose (and like all passwords you should keep it secret). There are several different configurations that you can use to have an OpenID:

  • You can use an OpenID service provider and use the provided URL on their domain (e.g. yourname.vox.com)
  • You can run your own OpenID server on your own server with your own domain (e.g. yourname.com)
  • You can use a hosted OpenID service with your own domain (e.g. yourname.com). (Learn how for your site or blog.)

Brady says that about 500 sites now support OpenID, but you’d have a hard time finding any of your favorite web apps on that list. Zoho now supports a single sign-on for all its online office apps, but that login is specific to Zoho, so doesn’t help you with your email or your online bookmarks or Ajax start page. Marshall Kirkpatrick of TechCrunch suggested that OpenID is “all too often a fringe looking grass roots effort” which doesn’t bode well for an Internet version of single sign-on.

Meanwhile, what’s the best way to manage your user IDs and passwords online? Of course you can just store passwords in your browser, use the same user name when it’s available so it’s easy to remember, and cross your fingers that it will all stay safe. Or you could try some of the password management tools like PasswordSafe, PassVault Password Manager, or RoboForm.

How do you manage your identity online? Do you use a password management tool?

  1. On the Mac OS X side, 1Passwd is a great choice and is very similar to RoboForm on the PC side (which is my choice there).

  2. oops, looks like I forgot to close a bracket :-)

  3. Keychain Access does a pretty good job of this and comes as part of 10.4. There is a quicksilver module for it, too, which makes finding passwords easy.

    Personally, I distrust applications that fill my password / info in for me. I like forcing myself to fill it in so I know what I’m giving to who.

  4. I use a hash generator bookmarklet. When on a site that requires a password, you click the bookmarklet and enter your master password. The bookmarklet takes a portion of the web site’s URL and your master password and hashes them together using a one-way hash. It then inserts the password into the password fields on the page.

    Instant high-strength passwords and all you need to remember is your master password.

    The problem comes in, however, when you sign up at one address and need to log in at another. Or when you have an offline companion to an online app. That’s when Firefox’s Show Stored Passwords function comes in handy.

  5. Oh, a link would probably be helpful…

    http://labs.zarate.org/passwd_new/ or http://www.angel.net/~nic/passwdlet.html

    Use one, not both. The passwords they create are different. The first one is better, the second is the original.

  6. Justin (and Adam), that’s where something like Roboform or 1Passwd is so handy. They both put a toolbar in your browser and don’t fill in any forms until you click on a button in the toolbar to do so. They both have a master password for security. And Adam, best feature is that you can save multiple logins per page. So for example, I have 4 Gmail accounts. When I’m on the login page I just select the correct account from a drop-down menu in the 1Passwd or Roboform toolbar that already knows I want to fill in a Gmail account and the correct sign-in info is put in. You can also save multiple identities so if you fill in forms in a certain way when you’re doing something for work versus your personal life, you can switch back and forth. I don’t mean to go on, but both of these applications have been lifesavers for me. I don’t know how I did anything online without them.

  7. My company has firmly embraced SSO although I don’t quite understand why I still need to remember 7 passwords :-(

  8. You link to openid.*com*, however, the right address is http://openid.net/

    cheers

  9. Or you could try Sxipper. Here’s an article I wrote about my Sxipper experience.
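
The scheme described in comment 4, and the sign-up/log-in address mismatch it mentions, sketched as an added example (not code from the post, the commenters, or the linked bookmarklets). It uses PBKDF2-HMAC-SHA256 from Node's `crypto` module as a stand-in construction; the function names, iteration count, two-label domain rule, and sample values are assumptions.

```javascript
// Added example: deterministic per-site passwords from one master password.
const nodeCrypto = require('crypto');

// Naive "portion of the URL": the last two host labels (assumption).
// A real tool needs the Public Suffix List to find the registrable domain.
function siteKey(url) {
  const host = new URL(url).hostname.toLowerCase();
  return host.split('.').slice(-2).join('.');
}

// Stretch the master password with PBKDF2, salted by the site key, so that
// guessing the master password from one leaked site password is slower
// than it would be with a single fast hash.
function sitePassword(master, url, length = 16) {
  const key = nodeCrypto.pbkdf2Sync(master, siteKey(url), 100000, 32, 'sha256');
  return key.toString('base64url').slice(0, length);
}

const MASTER = 'correct horse battery staple'; // constructed sample value

function demo() {
  return {
    // Same registrable domain, different subdomain: passwords match.
    sameSite:
      sitePassword(MASTER, 'https://www.example.com/signup') ===
      sitePassword(MASTER, 'https://login.example.com/'),
    // Signed up at one address, logging in at another: passwords differ,
    // so the user is locked out until they recall the original address.
    otherDomain:
      sitePassword(MASTER, 'https://www.example.com/') ===
      sitePassword(MASTER, 'https://www.example.net/'),
    // Weakness of the two-label rule: unrelated sites under a shared
    // suffix such as co.uk collapse to one key, hence one password.
    suffixCollision:
      siteKey('https://shop.example.co.uk/') ===
      siteKey('https://unrelated.co.uk/'),
  };
}

console.log(demo());
```

The `suffixCollision` case is the one to watch when evaluating any generator of this kind: if two unrelated sites map to the same key, a password captured by one works on the other.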
