Many companies have moved to a single sign-on approach for their employees within the last few years, so that workers only need to login once to access online systems like time and expense reporting, travel planning, and HR portals. The web worker who uses multiple web apps on the open Internet is left to her own devices to manage multiple user IDs and passwords, as the Web itself offers no single sign-on. This is both a security and a productivity problem, as web workers need to make passwords easy to manage and hard to crack. What’s a web worker to do in absence of Internet-wide single sign-on?
OpenID is an identity system that allows you to have one username and one password for multiple sites. Your username is an URL. The password is whatever you choose (and like all paswords you should keep it secret). There are several different configurations that you can use to have an OpenID
- You can use an OpenID service provider and use the provided URL on their domain (e.g. yourname.vox.com)
- You can run your own OpenID server on your own server with your own domain (e.g. yourname.com)
- You can use a hosted OpenID service with your own domain (e.g. yourname.com). Learn how for your site or blog.)
Brady says that about 500 sites now support OpenID, but you’d have a hard time finding any of your favorite web apps on that list. Zoho now supports a single sign-on for all its online office apps, but that login is specific to Zoho, so doesn’t help you with your email or your online bookmarks or Ajax start page. Marshall Kirkpatrick of TechCrunch suggested that OpenID is “all too often a fringe looking grass roots effort” which doesn’t bode well for an Internet version of single sign-on.
Meanwhile, what’s the best way to manage your user ID’s and passwords online? Of course you can just store passwords in your browser, use the same user name when it’s available so it’s easy to remember, and cross your fingers that it will all stay safe. Or you could try some of the password management tools like PasswordSafe, PassVault Password Manager, or RoboForm.
How do you manage your identity online? Do you use a password management tool?