Managing Your Identity on the Web


Many companies have moved to a single sign-on approach for their employees within the last few years, so that workers only need to login once to access online systems like time and expense reporting, travel planning, and HR portals. The web worker who uses multiple web apps on the open Internet is left to her own devices to manage multiple user IDs and passwords, as the Web itself offers no single sign-on. This is both a security and a productivity problem, as web workers need to make passwords easy to manage and hard to crack. What’s a web worker to do in absence of Internet-wide single sign-on?

Brady Forrest of O’Reilly Radar writes about an increasingly popular way to manage your identity online, OpenID:

OpenID is an identity system that allows you to have one username and one password for multiple sites. Your username is an URL. The password is whatever you choose (and like all paswords you should keep it secret). There are several different configurations that you can use to have an OpenID

  • You can use an OpenID service provider and use the provided URL on their domain (e.g.
  • You can run your own OpenID server on your own server with your own domain (e.g.
  • You can use a hosted OpenID service with your own domain (e.g. Learn how for your site or blog.)

Brady says that about 500 sites now support OpenID, but you’d have a hard time finding any of your favorite web apps on that list. Zoho now supports a single sign-on for all its online office apps, but that login is specific to Zoho, so doesn’t help you with your email or your online bookmarks or Ajax start page. Marshall Kirkpatrick of TechCrunch suggested that OpenID is “all too often a fringe looking grass roots effort” which doesn’t bode well for an Internet version of single sign-on.

Meanwhile, what’s the best way to manage your user ID’s and passwords online? Of course you can just store passwords in your browser, use the same user name when it’s available so it’s easy to remember, and cross your fingers that it will all stay safe. Or you could try some of the password management tools like PasswordSafe, PassVault Password Manager, or RoboForm.

How do you manage your identity online? Do you use a password management tool?



I used to use a PalmPilot, but I hadn’t backed up in a while and its battery died, leaving me with no record of anything (all my phone numbers and mailing addresses, passwords, and some e-mail addresses were only stored there). The aftermath convinced me that no automated password store will ever be trustworthy.

Now I have to say that I wish there was a trusted on the Internet where you could create a username and password that was safe and secure, but could be used almost anywhere as the only identity you need. Of course, it couldn’t be a commercial organization, because they would eventually start selling your information to marketers. It would need to be someone that everyone trusted to do the right thing.

But since no one is granting wishes, it is the spiral notepad for me.

Truly Equal

You know what I use? Firefox’s password master utility, on my personal computer of course. Only my wife knows my master password. And I NEVER store any password related to $$$ (bank, credit card, PayPal).

Another trick I use is just a portable USB drive with portable Firefox installed, again with the master password feature. The master password is changed frequently, and all pop-ups are disabled. I also run an antivirus, ClamWim Portable, straight of the USB, whenever I use the USB drive. No way do I want a virus to load while I’m browsing.

Just learn to use usernames and passwords properly. For instance, I organize my usernames based on tiers of importance. The most important tier, the $$$ section, has just 1-3 usernames and the toughest passwords. Lesser tiers, such as the newspapers and sites I read on the net, have 1-2 usernames and maybe 1-2 passwords, because I’m not as worried about those.

What I am worried is any “roboform” application that fills everything for you. Don’t be a lazy ass, just use your brain and prevent Alzheimer along the way!

Hope this helps.


LNXWALT…That is what I did until I misplaced my spiral pad and nearly had a heart attack…after about 2 hours of panic I located it but had to drive 45 min back to get it where I had left it! Then just to be safe I changed all my passwords in my book and vowed never to have it leave my house again!


I don’t use any automated tool. I have a small spiral pad that fits in my back pocket. One page has all the usernames and passwords I need at work (about thirty). The next page has my Internet usernames and passwords. Every two or three months, I tear out the old pages are rewrite with current information.

I have not found any automated tool that I trust enough to use for all fifty of of logon credentials.

Anne Zelenka

Thanks, Rutger, I changed it to

@Andy C: what’s up with that? you still have to remember seven passwords? Sounds like a seriously flawed SSO implementation!

@Jeremy, Island in the Net, Scottw: thanks for the links/info. All great stuff. This is clearly a topic that we should dig into more deeply at WWD. I’m especially interested in the Doc Searls article.

@Judi: sounds like you already have the makings of some reviews in your own use of the various password/form filler tools. :)


I’ve used RoboForm’s toolbar now for over a year and couldn’t live without it. I spend all day logging in and out of client accounts and my own. RoboForm allows me to press one button to go to a site, fill the appropriate username and password, and then submit the form. They allow up to 10 logins for free, I splurged and bought a license for $30 to handle about 65 logins. One of the few pieces of software I would ever call essential.

Andy C

My company has firmly embraced SSO although I don’t quite understand why I still need to remember 7 passwords :-(

Judi Sohn

Justin (and Adam), that’s where something like Roboform or 1Passwd is so handy. They both put a toolbar in your browser and don’t fill in any forms until you click on a button in the toolbar to do so. They both have a master password for security. And Adam, best feature is that you can have save multiple logins per page. So for example, I have 4 Gmail accounts. When I’m on the login page I just select the correct account from a drop-down menu in the 1Passwrd or Roboform toolbar that already knows I want to fill in a Gmail account and the correct sign-in info is put in. You can also save multiple identities so if you fill in forms in a certain way when you’re doing something for work versus your personal life, you can switch back and forth. I don’t mean to go on, but both of these applications have been lifesavers for me. I don’t know how I did anything online without them.

Adam Kalsey

I use a hash generator bookmarklet. When on a site that requires a password, you click the bookmarklet and enter your master password. The bookmarklet takes a portion of the web site’s URL and your master password and hashes them together using a one-way hash. It then inserts the password into the password fields on the page.

Instant high-strength passwords and all you need to remember is your master password.

The problem comes in, however, when you sign up at one address and need to log in at another. Or when you have an offline companion to an online app. That’s when Firefox’s Show Stored Passwords function comes in handy.


Keychain Access does a pretty good job of this and comes as part of 10.4. There is a quicksilver module for it, too, which makes finding passwords easy.

Personally, I distrust applications that fill my password / info in for me. I like forcing myself to fill it in so I know what I’m giving to who.

Comments are closed.