While I doubt that passwords would have been one of the top things that John Lennon would have liked to see the world without, I am sure that he wouldn’t mind the effort to eradicate this new menace of the internet. As more and more richly-interactive, Web 2.0 sites arrive, people need a way to log into them in order to obtain a personalized experience. The traditional way is to have a separate user account for each site. For best security, these accounts should all have unique passwords. From the websites that I visit on a daily basis, I counted nine sites that require a login. Add on top of that a near-uncountable number of accounts on sites that I visit rarely or only once and you can see where account proliferation starts to become a problem. Luckily for us, there are currently three popular ways to fight back against a heap of logins.
OpenID, OAuth, and Facebook Connect are all similar ways that let one login to a website without having to have set up an account for that site. They let you share one “master” account across multiple sites. As part of developing my new website, I am looking for a way to let people easily login (and save myself some work!). What follows is what I have learned so far about these services. OpenID and OAuth logins can be provided by any site on the internet (it is an open, free-to-join architecture, but contains giants like Google and Yahoo) while Facebook Connect is a service that works only through your Facebook account. To login to a site using one of these services, you are redirected to the website that holds your master account, asked to login there, and then returned to the original site. OpenID only provides for a way to login whereas Facebook Connect and OAuth allow for fine-grained sharing of information between sites. For example, you could connect your Flickr page to a photo-printing website using OAuth and share only a single album that you would like printed. You grant access only to that photo album – you don’t want the printer to be able to read your Gmail emails too! These services are not yet perfect but they are already an excellent alternative to a mountain of logins!
For further reading please look at this comparison between OpenID and OAuth, Google’s attempt to integrate OpenID and OAuth together, and StackOverflow’s experience with using OpenID for a year.
This is great stuff, but I have a question. Is this your own research? If yes, please make sure you indicate this somewhere in the text? If, no add a link to the original article. Also, it would make it even more valuable if you added a link to a reputable blog article or other reference material that provides material for further reading. Thanks for the post.