Yahoo throws weight behind OpenID standard
In one of the most significant moves yet in the growing push toward service interoperability on the Web, tech giant Yahoo announced Thursday that it is supporting the OpenID 2.0 standard for a universal Internet log-in.
No matter what your views of Yahoo's current stability may be, this is undoubtedly a big victory for OpenID. Not so long ago, the protocol was considered a dot-com/futurist pipe dream. OpenID was created by Web 2.0 guru Brad Fitzpatrick, who founded LiveJournal and was brought on board at Google last year as one of the most prominent players in its OpenSocial developer initiative.
OpenID is designed to facilitate single log-ins for multiple unaffiliated Web sites. Gradually, large sites like AOL and Plaxo have begun supporting the standard, but it remains a tool for the Web's early-adopter set rather than the online community at large.
But recently, fueled by debate over social-networking interoperability, universal standards have been one of the most buzzed-about subjects in Web 2.0.
Yahoo, which counts its registered users at 248 million worldwide, says that supporting OpenID will mean that OpenID-compatible accounts are available to a total of 368 million Web users. When Yahoo's support of OpenID goes live, starting with a public beta launch on January 30, this will mean that a Yahoo ID can be consolidated into an OpenID account that will be valid at all partner sites.
On the flip side, sites that accept OpenID will have the option of displaying a "Sign in with your Yahoo ID" button.
As more major Web players start to sign onto OpenID--and more casual Internet users start using the standard--there will inevitably be security concerns raised. Since OpenID has no central repository for identity management, users can choose which sites they trust with their OpenIDs. But that doesn't mean they're going to always make the right decisions. Sometime in the not-so-distant future, an incident or two will likely surface that will call into question just what universal standards mean for privacy and personal security on the Web.
This is an area to watch.
Caroline McCarthy, a CNET News staff writer, is a downtown Manhattanite happily addicted to social-media tools and restaurant blogs. Her pre-CNET resume includes interning at an IT security firm and brewing cappuccinos. E-mail Caroline.
- Topics:
-
Developer tools,
-
Social network and groups
- Tags:
-
Yahoo,
-
OpenID,
-
developers,
-
interoperability,
-
social media,
-
logins,
-
open source
- Bookmark:
- Digg
- Del.icio.us
We really need to keep track of who is on the Internet, OpenID will do that. Yahoo can record your personal info and issue an OpenID for other web sites.
Hell, you could even expand that between home and work, your night class at the Y and so on... LOL. Seriously, if you have the right security mindset, you should be OK. Just use a password that has nothing to do with anything. The password should be no less than 8 characters long, containing upper and Lower case, numbers and 'special characters' like 9@Do)1!H.
I use no less than 10 characters and have found that changing the passwords to my more important emails sites, etc - every 14 to 30 days is a good practice. Takes a couple minutes max per site (if that), but hell; I am already checking email there.
Example: There are thousands of people who use Shamrock as both the username and password. Shamrock is not unique, but email addresses are and you change change your email address at any time. If someone else comes along with a simple username/password combo and then edits the account, and possible change the password, the original account holder's account just got hijacked, by accident.
I've seen this happen with a large site I used to manage. We quickly changed to email address as the account name.
For example $h@mR0cK is a valid and secure password in most cases (not that I would use dictionary words for anything more than a name, never a password); the other security concern is unencrypted text files with names like MYPASSSWORDS.TXT or STEALMYIDENTITY.TXT. There should be a basic skills assessment for anyone wanting to buy a PC. Something that would at minimum make sure they understood, NEVER USE DICTIONARY PASSWORD!
The password issue you describe is only an issue if, e.g., Yahoo! allows users to create a Yahoo! account called "shamrock" with a password of "shamrock".
The usual "one problem with OpenID" is phishing.