We spend a whole lot of time online these days. Whether it’s Facebook, Twitter, eBay, Gmail or any other online service that almost everyone and their granny know about.
But, most of the times, to use these web services, you have to create an account. I know it gets frustrating, but most of the times, there’s no getting around that every ubiquitous Sign-Up button. And with that, comes the ever present problem of having different combinations of usernames and passwords that you have to remember. In fact, this problem of having to remember different sets of credentials is so frustrating, that there are dedicated web services/applications like Safe In Cloud and Keeper to ease it up.
Now just imagine, how cool would it be, if you had to remember just one username and password, that would uniquely identify you on the entire Internet? Boy, that’ll be amazing. That’s what OpenID strives to achieve. Read on to find out more.
OpenID: One unified online identity to rule them all
OpenID is a way to consolidate all of your online identities on the Internet. It’s an open standard, whose development began in 2005 and which is currently supported by a large (and growing) number of web service providers. Basically, OpenID is meant to alleviate the problems that users face while authenticating themselves to different web services on the Internet. It allows the user to have a unique singular identification that works across all web services. It’s like having a digital version of any universally accepted ID proof such as a driver’s license, or a SSN.
How does OpenID work?
Although the core working of OpenID involves authentication protocols and stuff like that, its generalized operation can be summed up nicely as following.
- The user creates a unique OpenID account with any of the OpenID providers of his/her choice.
- During account creation, the user may optionally choose to associate helpful information with his/her OpenID. This includes Date of Birth, Gender, E-mail address, Cellular Number and stuff like that.
- The user is then provided with a unique OpenID, which is generally a URL in the format: https://<username>.<name of OpenID provider>.<TLD>. It is like a profile with the OpenID provider. To access/modify it, the user chooses a password, which is the only password he/she will ever have to remember.
- From now on, whenever the user wants to login to any website that accepts OpenID authentication, he/she will have to enter just that unique URL. After this, the website is redirected to the OpenID provider’s website with which the user has account.
- The user provides his/her password, and chooses how much of his/her public information that website can access via OpenID profile. He/She can also choose whether this authentication approval is one time or it should be required every time while visiting the same website.
- Finally, the user’s credentials are filled up on the website via the OpenID provider.
How OpenID ensures security of the user’s credentials?
- Only one entity apart from the user, that is, THE OPENID PROVIDER knows about the user’s credentials.
- The user completely controls how much of his/her information is passed on to the requesting website, on a per website basis.
- It’s easier to change just one password than to change passwords for fifty different websites.
Where to get myself an OpenID?
Well, there’s a couple of really nice OpenID providers out there. But here’s the thing. You may not realize, but you already have an OpenID. This is because a large number of web services have embraced the OpenID standard, including industry behemoths like Microsoft and Google. So if you have a Google account or a Microsoft account, its ID can function as your OpenID.
But just in case you want to have an OpenID account anyway, here’s a couple of services (I’ll probably be reviewing them in detail in subsequent articles)
- My OpenID (In service only till 02/2014)
- VeriSign Personal Identity Portal (Really good, backed by Symantec)
- ClaimID (Simple but efficient)
Conclusion
With so many web services these days, it’s a major pain to remember the authenticating credentials for all of them. OpenID holds the potential to solve this problem by consolidating our multiple online accounts into one unified online identification that is unique and hassle free. No wonder so many industry giants have embraced the OpenID standard, and many more are bound to follow suit. As far as future of online authentication goes, OpenID may well be the solution that every one has been waiting for, all this while.
What do you guys think about OpenID? Do you already have an OpenID account? Let me know in the comments below.