Tell me. How many username/password do you have? How do you remember all of them? Are the IDs and password same across sites? How do you remember all of them? Do you change password very often? Do you write down your password in a book, or keep them in a spreadsheet or document, or use some password manager tools? How many username/password combinations have you already forgotten?
Let me tell you my situation here. I have accounts with my banks (India and US), a lot of email providers like Gmail, Yahoo, MSN, multiple accounts in my own domains ananthapuri.com, ananthapuri.in, spillai.com, domain and hosting providers, sites like fropper.com, friendster.com, blogger.com, orkut.com, del.icio.us, linkedin.com, various discussion forums, work company network, client network, etc.. Some of the blogs need you to even register in order to leave a comment or join discussions. This list is growing everyday. Friend, I am tired of this.
What happened to the single sign-on (SSO) initiatives for the web? When Microsoft bought passport.com years ago and came up with .Net passport, I expected that Microsoft would make it simple and many websites will use it. But that did not happen. AOL also provides a Screen Name Service in similar lines. I rarely see sites that accept either of them. I think these services are not meant for common use.
Nowadays Google also started using a single login concept. Once you login to Google, you can access GMail, Personalized Google homepage, Froogle, Google Reader, etc. and Orkut – a Google affiliate. Still this does not solve the problem, though this is a little move ahead.
Now I am looking forward to a free (like community based or open source based) service which identifies me in the Internet – my single identity for the cyberspace. Like the passport issued by countries, or like the Social Security Number in the USA or like thump impression. I should be able to use this identity in any website. This service should be provided free to all websites and users. This should not be monopoly of a company. This should be identity theft proof. I should be able to create different profiles for my identity – I may need one as my work profile, another as my blog profile and another id as my religious profile. All of them derived from my basic identity.
Is this possible only in science fiction stories? I hope not! What do you think?
At work we use a free password manager, CyberScrub KeyChain Password Manager http://www.cyberscrub.com/keychain and we really love it. here is some info I copied from their site:
Manage ALL Passwords with One Phrase. When you log on to KeyChain with your Master Pass Phrase you will have instant access to all of your password protected websites. Select your destination from a special list you have created- then simply “Click & Go”. It’s that easy! Each time you visit a site requiring a user name and password KeyChain auto enters this information and logs you in. It even prompts you to add these passwords to the program if you have not already done so. Never manually fill in credit card details again. Online shopping is a snap because KeyChain automatically enters your selected credit card details, Shipping and Billing address and more. All of your data is secured with strong encryption. Only you have access to the sensitive data within KeyChain. All information, including passwords, credit cards and other data, is protected with strong encryption algorithms. The USB flash drive also synchronizes with your host computer to back up your encrypted password list. This is an important feature should your PC crash or fail. You may also utilize the USB flash drive, if desired, for Dual User Authentication. This requires the user to not only enter the Master Pass Phrase, but also to plug the USB flash drive into their computer. Easy to use, backed award winning CyberScrub Customer Support.
Hacking target – I understand. I am looking for a new technology idea which is identity theft proof. I have no clue! Hope to see this happen one day and make life simpler!
The existing web identification systems are not hack proof. The password management tools are desktop based. You cannot access it from anywhere. And even if you use, you are still required to create id/password in each system and the tool will just remember it for you. So a lot of mess is there – especially for lazy people like me!
Though u listed the advantages of having such a system…let me take u thru the disadvanatages one may see. Here goes the things..
1. This single gateway no doubt will be the target all the hackers around the world! That means instead of keepin ur money in distributed places u keep in one…so one lost all is lost.
2. Practically It will be much difficult for companies like microsoft or other ppl to agree upon a single gateway authentication method.
The solution(not a foolproof one) could be u use a master password in ur Browser. i think a lot of plugins are there in the same lines!