NY Times Article on Passwords – Further Thoughts

Following up on my earlier post, here are some other thoughts to consider.

In addition to making login as easy as a single click, UMID can simplify the process of setting up an online account on a new website. This process is generally referred to as “registration.” When you register on a website, you typically provide a name, email address, and maybe some of the following – nickname, gender, age, zip code, preferred language, time zone, etc. These “demographic” data elements allow the website operator to serve you better since they know a bit more about you.

As a registered user you can “personalize” your experiences on the website by setting preferences, saving activities, customizing the look and feel of the site, etc. It also then allows you to interact with the website operator and other people on the site via social functions like blogs, wikis, discussion groups, surveys, etc.

But here’s the rub, you have to re-enter a bunch of redundant information about yourself (name, email address, gender, age, language, zip code, etc.) on every website – tedious, error prone, and time consuming. So what if that same IDP (Google, Yahoo, AOL, Facebook, etc.) would let you, with your explicit permission, share that data with each website so you didn’t have to re-enter it at each new site? Well they can, its all part of the UMID service. And in some specific cases you might even want to share some pictures, a list of friends, your address book, your music/TV/news interests and preferences. That’s possible as well, but always and only with your explicit permission.

And the great thing is you can have all these benefits while at the same time reducing the risks of having someone hack your password, because you’re only sharing your password with your IDP, who is in the business of, among other things, protecting that ID. Companies like Yahoo, Google, Microsoft, AOL, PayPal, Microsoft, etc. are using sophisticated technology and procedures like the ones banks are using to prevent credit card fraud.

That’s not to say that every website isn’t doing the best that they can to protect your account. They are, but they don’t all have nearly the infrastructure that the major IDPs have, and you’re not sharing your password across hundreds, if not thousands of websites. For example, if you use your daughter’s middle name as your password on fifty websites, if someone figures it out on a local car dealer or newspaper’s website, they’ll then likely try that same password or something close to it on other websites that they think you might use. So your password is only as safe as the “weakest link” in the websites that you use.

And the problem is only getting worse. More companies, entertainment websites, non-profit organizations, government agencies, etc. are recognizing that the web is often both the most effective and inexpensive way to serve their customers/members/users. Individuals, especially in the younger generations, are also demanding faster, more comprehensive services 7X24 that can be best delivered via the internet. And in order to serve you better, each one of these sites is going to want you to register and login. So if nothing changes, you’re going to end up with more usernames and passwords, not less, as time progresses. This approach just doesn’t “scale” as they say in software development. Consumers need a better way to traverse the “authenticated web.” Companies have already figured this out with SSO solutions for their employees on their intranets, it seems logical that this should be happening on the open internet as well.

So now is the time to become familiar with UMID. Try it on some websites when you see it as an option. And if you become a fan, request it from the websites that you use. As more websites begin to deploy UMID options, and as more internet users demand it, we’ll achieve the momentum necessary to make this a standard part of everyone’s web experience.