Alternatives to your standard or common login procedure

Facebook. MySpace. Twitter. Foursquare. Your email client. All fairly
different, but all have one thing in common. To get access to your
friends/followers/the service you need to provide a username (or email
address) and password. But is this the most efficient way. People who work in
the security side of the IT industry say that it’s not a good idea to have one
password for everything – I (not that I’m suggesting I’m any kind of IT
security expert) have said it to people who use the networks that I
administered. But we all do it. It’s not surprising that we do. We only have
so much space in our heads for storing memories, so we use words or phrases
that are easy for us to remember. I myself have two or three passwords and use
combinations of those, depending on the requirements when we first sign up, be
it that the password has to have a minimum length, or that it needs to contain
at least one number or punctuation mark, or depending on how highly we regard
the information that is stored within that service and want to keep it secret.

So what are the other ways that we can access these services? Some (such as
large corporations) provide their users with a smart card to use with their
workstation or a fob with an ever changing sequence of digits that are
synchronised with a server deep within the bowels of the datacentre. Even
Blizzard, the producers of World of Warcraft allow their users to purchase an
authenticator to add that extra layer of security to their account. They’ve
even gone as far as to produce applications for the iPhone or the Android
phones that will produce this random sequence to make it easier.

These systems and procedures make it harder to crack the security of an
account, but nowadays some services make it easier to provide authentication
by outsourcing their logins to others. OpenID, OpenAuth, Single Sign On (SSO)
are terms that are banded about and mean that rather than having passwords for
each account, you have one username and password to remember, so you can make
your password as secure as you can. OpenID is one such application; Facebook
Connect is another. One web developer, Elliot Kember (@elliottkember) for
example has taken to using Twitter as an authentication method on some of his
web applications. It means that he doesn’t necessarily have to store such
things as usernames and passwords. As more and more people use sites such as
Twitter and Facebook (and I think it’s my dad who has neither) we’re going to
see more and more options to pass on the authentication of other sites to
these. We already give them so much in terms of our data, so why not make them
work a little for it?

Leave a Reply