OpenID Alternative to Multiple Passwords

A few days ago I wrote about some of the software I use for personal password management. Today I’d like to write about a movement that could very well replace the need for all those passwords. I’m talking about identity federation using OpenID. Identity federation simply means that a user can log into one site, and use that login as their identification for other websites.

Other sites then trust the one site for authentication, and then they have their own mechanisms for authorization. I use SignOn.com as my identity provider. The way this happens is as follows:

  1. Sign up for an account at SignOn.com and provide a custom username, which then turns into a URL (for example: http://myusername.signon.com)
  2. Head over to a website that supports OpenID and put in the URL you were assigned as the OpenID username
  3. The website will use the last part of the URL (signon.com) to identify the identity provider
  4. It will then redirect your browser to the identity provider's site so you can either sign on, or be given the okay to continue back to the requesting site
  5. Once you come back to the site, it validates your ID and adds an account using the URL as the username
  6. You continue to use the website without having to authenticate to them with a password
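
Step 5 is where the security of the whole flow lives. As an added example (not code from SignOn.com or any OpenID library), here is a sketch of the checks a site would run on the provider's response under OpenID Authentication 2.0. It assumes an HMAC-SHA256 key was agreed with the provider beforehand and that discovery already confirmed the provider may speak for the claimed URL; the function names, key, and provider endpoint are constructed for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAC_KEY = b"constructed-shared-secret"  # constructed; agreed with the provider beforehand
RETURN_TO = "https://blog.example/openid/return"  # constructed URL of the requesting site
REQUIRED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle",
            "claimed_id", "identity"}  # fields the signature must cover
seen_nonces = set()  # a real site needs a store shared by all of its servers

def sign(params, signed, key=MAC_KEY):
    # OpenID 2.0 signs "key:value" lines, one per field named in openid.signed
    text = "".join(f"{k}:{params['openid.' + k]}\n" for k in signed)
    return base64.b64encode(hmac.new(key, text.encode(), hashlib.sha256).digest()).decode()

def verify_assertion(params, now, max_age=timedelta(minutes=5)):
    """Return the claimed identifier, or raise ValueError if any check fails."""
    if params.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    signed = params.get("openid.signed", "").split(",")
    if not REQUIRED <= set(signed) or any("openid." + k not in params for k in signed):
        raise ValueError("a required field is missing or unsigned")
    sig = params.get("openid.sig", "")
    if not hmac.compare_digest(sign(params, signed).encode(), sig.encode()):
        raise ValueError("bad signature")
    if params["openid.return_to"] != RETURN_TO:
        raise ValueError("response was issued for a different return URL")
    nonce = params["openid.response_nonce"]
    # The nonce starts with a UTC timestamp; strptime raises ValueError if it does not
    issued = datetime.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if abs(now - issued) > max_age:
        raise ValueError("stale nonce")
    if (params["openid.op_endpoint"], nonce) in seen_nonces:
        raise ValueError("replayed response")
    seen_nonces.add((params["openid.op_endpoint"], nonce))
    return params["openid.claimed_id"]

def sample_response(now):
    """Constructed positive assertion, signed the way the provider would sign it."""
    p = {"openid.mode": "id_res",
         "openid.op_endpoint": "https://provider.example/server",
         "openid.claimed_id": "http://myusername.signon.com",
         "openid.identity": "http://myusername.signon.com",
         "openid.return_to": RETURN_TO,
         "openid.response_nonce": now.strftime("%Y-%m-%dT%H:%M:%SZ") + "a1b2c3",
         "openid.assoc_handle": "constructed-handle",
         "openid.signed": ",".join(sorted(REQUIRED))}
    p["openid.sig"] = sign(p, p["openid.signed"].split(","))
    return p
```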

There are several benefits to this kind of authentication management. One benefit is that you are only trusting one site with a password to your account. If you make this password very secure and trust their service to be secure, you minimize the chances that your password will be compromised by being entered into many websites. The second fringe benefit is, of course, that you aren’t entering that password all over the web.

Community Support

OpenID has been gaining traction for several years and may become one of the major ways we authenticate to the web in the future. There are OpenID plugins for WordPress (OpenID Plugin), Joomla (OpenID Plugin), and many, many more. Nearly all the open source projects I use that have a plugin framework have a plugin that supports OpenID federation for user management.

Programmatic Support

As a programmer, I’ve also taken a few shots at implementing identity federation. Some of the standards used in OpenID can be confusing, but once you have a thorough understanding of them, it becomes easy to implement. An understanding of Single Sign On (SSO) helps, and visiting OpenID.net’s Developer Resources area will complete the process.
