OpenID – The Good and Bad


I’ve had some interesting conversations with people lately regarding OpenID. What is OpenID?

It’s 1 login/password for every site that supports it. As you may have noticed, we’ve implemented it here in the comments, and soon you will have to have an OpenID in order to leave a comment. Now, Microsoft tried to do this with Passport years ago, and many websites, including eBay, tried it out. For whatever reason (trust issues with Microsoft? timing?) it didn’t work out. Typekey is a similar system and they’ve done a pretty good job, but there still isn’t widespread adoption. Part of the problem with Passport and Typekey is that each is a centralized system. OpenID, for better or for worse, is a de-centralized authentication system.

Most of us have agreed that it would take some really big websites implementing OpenID for it to really gain some traction. Today Kevin Rose announced that they are moving to OpenID to authenticate users. As usual, we are ahead of the curve, and have already done so. Try to keep up, Kevin. Even bigger than Digg would be if WordPress implemented OpenID as part of the core package. This would for sure launch it into the mainstream. Then again, there would be almost no need for their Akismet spam prevention system. (Shoemoney side-note: the false positives are really annoying me lately.)

Unfortunately, it’s not all roses. Here are 11 reasons OpenID Rocks and Sucks.

Here are 5 reasons why I think OpenID Rocks:

1) 1 ring to rule them all – why wouldn’t you want the ability to have 1 sign-in across all blogs?

2) Bye-bye comment spam.

3) Verify who is actually making comments. Many fake Matt Cuttses and Jason Calacanises make comments, and when prolific people do comment, confirming it is really them requires verifying IPs or other time-consuming checks.

4) MyOpenID’s (inaptly-named) affiliate system is a nice tool for developers and large site owners.

5) De-centralized authentication leaves no single player holding all the cards.

Here are 6 reasons why OpenID sucks:

1) It is (as yet) too complicated for the average website owner to implement.

2) The security implications of this type of cross-site authentication haven’t been fully explored.

3) OpenID doesn’t necessarily provide trust. There’s nothing stopping a fake Mark Cuban from creating a fake OpenID, or worse, a fake identity provider. This is the chink in the armor of the decentralized system.

4) Too confusing to users. "OK I want an OpenID. Wait... what is myopenid? Is that different from GetOpenID? Do I need to get an OpenID on all of them?"

5) Hackish implementations. For example, the WordPress plugin actually creates a local WordPress user behind the scenes. In my opinion, this is an unacceptable hack.

6) Lack of implicit strong authentication. An OpenID login is really only as strong as the identity provider’s authentication. OpenID probably should never, and will never, be used for financial logons for this reason. The flip-side is that if an IDP provides strong auth, then the OpenID is as secure as that link in the chain.
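
Points 3 and 6 above come down to a policy decision on the site accepting the login: which identity providers it trusts, and how strong each one's authentication is. The sketch below is an added example, not code from this site or from any OpenID library. The provider hosts, assurance levels and function names are hypothetical, the `op_endpoint` and `claimed_id` keys mirror the fields of the same name in an OpenID 2.0 response, and the assertion's signature is assumed to have been verified by the OpenID library already.

```python
from urllib.parse import urlsplit

# Constructed policy (hypothetical hosts): provider endpoints this site
# trusts, with the assurance level the site operator assigned to each.
TRUSTED_PROVIDERS = {
    "op.example.org": "password",
    "strong-op.example.net": "two_factor",
}
LEVELS = {"password": 1, "two_factor": 2}


def provider_host(op_endpoint):
    """Return the host of an https provider endpoint, or None if unusable."""
    try:
        parts = urlsplit(op_endpoint)
    except ValueError:  # malformed URL
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname  # urlsplit already lowercases the hostname


def evaluate_login(assertion, required="password"):
    """Apply site policy to an assertion whose signature is ALREADY verified.

    Exact host matching matters: "op.example.org.attacker.example" must not
    pass just because it starts with a trusted name.
    """
    host = provider_host(assertion.get("op_endpoint", ""))
    level = TRUSTED_PROVIDERS.get(host)
    if level is None:
        return {"allowed": False, "reason": "unknown identity provider"}
    if LEVELS[level] < LEVELS[required]:
        return {"allowed": False, "reason": "provider authentication too weak"}
    # Show the verified identifier, never the self-chosen nickname: anyone
    # can type a famous name into a profile field.
    return {"allowed": True, "display": assertion["claimed_id"], "level": level}


# Constructed sample: a trusted provider, with a misleading nickname attached.
SAMPLE = {
    "op_endpoint": "https://op.example.org/server",
    "claimed_id": "https://alice.op.example.org/",
    "nickname": "Mark Cuban",
}

if __name__ == "__main__":
    print(evaluate_login(SAMPLE))
    print(evaluate_login(SAMPLE, required="two_factor"))
```

Requiring `two_factor` for sensitive actions is how a site can act on the "only as strong as the identity provider" point without rejecting weaker providers for ordinary comments.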

Want an OpenID? Get one here



About Jeremy Schoemaker
Years ago I found myself on unemployment and in debt but with many service-oriented websites. Determined never to work for "the man" again, over the next several years I learned how to monetize those websites through donation, subscription, direct sales, contextual advertising and affiliate advertising. People say that I have a knack for seeing marketing angles that most people do not. I work hard, party hard, and have a relentless work ethic when something catches my interest.

http://www.shoemoney.com WebProNews Writer