Sciencetext Tips & Tricks
Blogging tips, browsing tricks and computing hacks

SQT: Anonymize Your Email Music Piracy All at Sea

Getting an OpenID

February 18th, 2008 · by David Bradley

Getting an OpenIDIs your list of usernames and passwords for all those web 2.0 sites you use getting longer and longer? Mine is! Not a day goes by without my having to create a new login. Wouldn’t it be great if we could all just create a single login for everything? A bit like Microsoft Passport was for logging into all Microsoft’s sites but without the Microsoft bit. In steps OpenID.

With OpenID you can log in to all your favorite websites using a single identity. More than that, it lets you prove you are the same person across all those different sites. Your OpenID carries with it your personal credentials, your profile, it’s an online portable karma utility.

So, how does it work and how do you get an OpenID?

Once you’ve got an OpenID identifier (which is basically a special URL) you can sign in to any site that accepts OpenID without the need to create a new account for each individual site. If you’re on LiveJournal, TypeKey, WikiTravel, GreatestJournal or Vox you already have an OpenID identifier.

If you’re on one of these sites (i.e. a hosted blog or site) your OpenID is embedded in your site and you don’t need to do anything. For example, if you have a WordPress.com blog, your OpenID is simply the URL of your blog http://yourname.wordpress.com/. If you see a login box like this on a site, you type or paste in your Wordpress URL (your OpenID) and follow the verification instructions.

OpenID signin form

If your blog address is http://matt.wordpress.com/ you’d type that into the signin form. Make sure you’re logged into your wordpress.com blog first though.

OpenID signin form filled

The next box you see will ask you whether you trust the site you’re visiting with your OpenID. Make sure you do, but if it’s a big name site you will be pretty safe. You can decide whether you want to make the trust permanent or go through the verification process each time you visit.

OpenID trust

So, where can I use my OpenID? Well, you can login to the Ma.gnolia.com social bookmarking site with OpenID, Drupal (which featured in Sig Fig’s UberGeek section recently), Mixx, Simpy, twitterfeed (lets you feed your RSS feed to your twitter account), Plaxo online address book, you can claim your blog on Technorati with OpenID. For a complete list of sites accessible with OpenID visit the directory at myopenid.com.

What about hackers? Well, unlike many past single sign-on systems, OpenID doesn’t rely on a central server with all its users information. Instead, the system is distributed and there are many distinct providers. You may have heard that Microsoft, Google, IBM, and Yahoo recently signed up to the OpenID system. As a potential OpenID user, you usually have to make a decision as to which provider you will trust with your information. Which is the most reputable and which is most likely to keep your data safest?

However, there is another way. If you’re not satisfied with the public providers, you can be your own OpenID provider because any URL can be your OpenID. All you have to do is add a few special lines to the section of one of your blog or website pages to define what the server for that ID is. Check out this post from the OpenID Foundation, for more information on being your own OpenID delegate or follow the OpenID recipe here here.

14 responses so far ↓

  • Deborah // Feb 18, 2008 at 2:23 pm

    David,

    I use OpenId for several of my online accounts. I wish more sites used it! I’m curious - what option did you choose for your OpenID, and why?

  • David Bradley // Feb 18, 2008 at 2:30 pm

    Deborah, so far I’ve only used OpenID for twitterfeed (with that I used a Yahoo account because that was months ago and was the default choice). However, I do have a Wordpress.com account and will most likely use that once the need arises, just because it seems so simple.

    db

  • Deborah // Feb 18, 2008 at 2:44 pm

    I have a WordPress.com account, but didn’t realize it could be used for my OpenId. I created my OpenId with myopenid last year.

  • David Bradley // Feb 18, 2008 at 3:56 pm

    For sure. I think it’s been part of Wordpress-hosted blogs for a long while now.

    What systems are other users using and why?

    db

  • Chas // Feb 18, 2008 at 6:24 pm

    Sounds pretty cool, it sounds like a token type of system??? I know it isn’t as slick as this but I use Password Agent…..it is manual but with all the different users and passwords I have, it works for me…

  • David Bradley // Feb 18, 2008 at 6:58 pm

    Chas, it’s been around for quite some time, but is only now really attracting the attention of the big players. It is a token type system, yes, but what it could mean ultimately is uniform login and ID across all the sites you use.

    db

  • Kevin Fox // Feb 19, 2008 at 8:14 pm

    I work at Vidoop and we have an OpenID provider (http://myvidoop.com) and a really cool ‘password agent’ plugin to store the login and passwords from sites that don’t support OpenID. The plugin is easy to use and ties in to your OpenID account. e.g. Login to your myVidoop account, then browse on with no need to worry about logging in anywhere else. Good bye to worries about key loggers and phishing attacks…

  • David Bradley // Feb 19, 2008 at 9:50 pm

    Thanks for the comment Kevin. If any readers have used Vidoop, perhaps they could tell us about their experiences with it. I wonder how it compares to a system like Passpack

    db

  • Tara Kelly (PassPack) // Feb 22, 2008 at 1:06 pm

    @Kevin — Hi. Yup, PassPack will become an OpenID consumer (not provider). We’ll also work towards better handling storage of OpenID’s alongside passwords.

    There are some changes in the works:
    http://tinyurl.com/2rojh2

    @David — The difference (Kevin correct me if I’m wrong) between Vidoop’s password plugin and PassPack is:

    * PassPack uses online storage, so anytime/anywhere access. There’s also a button to auto-login to websites regardless if you’re on your usual computer, or elsewhere in the world.

    * Vidoop’s button is a plugin with storage on your computer. It can be used from a single computer.

    In general, plugins are easier to use, so we’d like to release one as an extra, while still maintaining the online storage.

    **

    My 2c on Wordpress OpenID–
    I just wish they have the option to disable the OpenID feature. I use wordpress to blog, but I want to be able to choose if I want them to handle my identity, or not.

    Same goes for AOL, etc. People need to (1) be informed, then (2) make a choice.

    :) Tara

  • Kevin Fox // Feb 24, 2008 at 2:30 am

    @ Tara - the Vidoop plugin allows a member to store passwords locally or with myVidoop, whatever they choose.

    Cheres,
    Kevin

  • Tara Kelly (PassPack) // Feb 24, 2008 at 4:56 pm

    @Kevin - thanks for clarifying. Do people need to install the plugin to access their passwords?

    Also, are you able to see people’s passwords?

  • Kevin Fox // Feb 25, 2008 at 6:26 pm

    @Tara - People can manage their passwords just by logging in to their myVidoop account. Though the plugin would need to be installed for the auto-login and password saving to work.

    We are not able to see people’s passwords, they are all stored as hashes.

  • David Bradley // Apr 9, 2008 at 7:34 pm

    You can now use your Google account for OpenID

    db

  • David Bradley // Jun 23, 2008 at 3:02 pm

    If you’re not happy using your web address as your OpenID a new-ish system might be for you. EMAILtoID does exactly what it says on the can.

Leave a Comment

Comments are checked for spam before appearing, no need to post it twice.

Related Posts