piersonthe.netAlternatives to your standard or common login procedure
Facebook. MySpace. Twitter. Foursquare. Your email client. All fairly different, but all have one thing in common. To get access to your friends/followers/the service you need to provide a username (or email address) and password. But is this the most efficient way. People who work in the security side of the IT industry say that it's not a good idea to have one password for everything - I (not that I'm suggesting I'm any kind of IT security expert) have said it to people who use the networks that I administered. But we all do it. It's not surprising that we do. We only have so much space in our heads for storing memories, so we use words or phrases that are easy for us to remember. I myself have two or three passwords and use combinations of those, depending on the requirements when we first sign up, be it that the password has to have a minimum length, or that it needs to contain at least one number or punctuation mark, or depending on how highly we regard the information that is stored within that service and want to keep it secret.
So what are the other ways that we can access these services? Some (such as large corporations) provide their users with a smart card to use with their workstation or a fob with an ever changing sequence of digits that are synchronised with a server deep within the bowels of the datacentre. Even Blizzard, the producers of World of Warcraft allow their users to purchase an authenticator to add that extra layer of security to their account. They've even gone as far as to produce applications for the iPhone or the Android phones that will produce this random sequence to make it easier.
These systems and procedures make it harder to crack the security of an account, but nowadays some services make it easier to provide authentication by outsourcing their logins to others. OpenID, OpenAuth, Single Sign On (SSO) are terms that are banded about and mean that rather than having passwords for each account, you have one username and password to remember, so you can make your password as secure as you can. OpenID is one such application; Facebook Connect is another. One web developer, Elliot Kember (@elliottkember) for example has taken to using Twitter as an authentication method on some of his web applications. It means that he doesn't necessarily have to store such things as usernames and passwords. As more and more people use sites such as Twitter and Facebook (and I think it's my dad who has neither) we're going to see more and more options to pass on the authentication of other sites to these. We already give them so much in terms of our data, so why not make them work a little for it?
