I think everyone has felt some time or another the frustration of having to deal with multiple passwords for the different sites you have signed up to. Which often leads to forgetting your password for this or that site, and having to regenerate it about every time you go to sign in to the site and you get a message like “Sorry, this password doesn’t correspond with this user account” ARGGHHHH!!! I was 100% certain that was my password!
One solution is to tell your browser to remember your login information for you, so that when you are presented with the login screen, you already have your username and password filled out for you. Well, though this could be a solution on a completely private computer, it however would expose your personal data if using a shared computer or if your private computer falls into someone else’s hands. So it probably ain’t the best solution. Another solution would be to have a place where you write down all your usernames and passwords for all the websites you have registered to, which though a little bit safer than the previous method, is still not 100% fool-safe and is also a big pain in the neck…
Well, to overcome this limitation some smart people started coming up with a solution that would let people sign into different websites with the same “credentials”, or rather with a “trusted provider”. This new protocol was named “OpenID”, and it certainly was a breakthrough idea at the time, especially since it was also an open-source technology. It never did become really popular among the general public though, because it wasn’t intuitive enough. But still it opened the way to the “single sign-in” experience. A lot of the big providers do use OpenID though even though you may not realize it. If you have a Google account, you have an OpenID account. If you have a WordPress account, you have an OpenID account…
Then the “big provider” era started. If lots of people haven’t heard much about “OpenID”, they probably have heard of Google, of Facebook, of Twitter… If they haven’t, they’re probably not the type that go onto the web too often or that sign into websites anyway. If an email address has already been verified by one of these big providers, we can pretty much trust their verification, so why not let someone sign into a website using an authentication mechanism from a big provider that tells you that yes, this email has been verified. That way people that use credentials often for Google or for Facebook and probably remember those credentials, don’t have to make new ones to sign into your website, they just sign in with their Google or Facebook account and there you go.
Well, this “account provider” solution has worked fairly well in the past few years, especially since the web has been becoming more “social”, this way of signing in with trusted providers was also a way of signing in with the “social container” providers, and opened up possibilities to making your own website more socially interactive, or making it interact with those social containers, giving your website more publicity, making a visit to the website more interactive and interesting and socially involving…
So we do have some interesting new technologies and some interesting advances in the way people interact with websites and with each other on the web, but these new advances still have their drawbacks. How do we deal with these drawbacks?
You can find more information on this here: http://identity.mozilla.com/post/7616727542/introducing-browserid-a-better-way-to-sign-in
You can verify your email for usage with BrowserID here:
If you use wordpress, there is a BrowserID plugin which will enable BrowserID (or Persona) authentication on your WordPress website: http://wordpress.org/extend/plugins/browserid/.
I just installed it myself (I also contributed an Italian translation), and it couldn’t have been easier. I got rid of Janrain and am using BrowserID instead, and suddenly my website is like ten times faster. Plus I don’t have to worry about third-parties standing in between and dealing with my users data.