Hopefully the future of logging in

Sep. 20th, 2011 08:37 am
andrewducker: (Calvin's Brain)
[personal profile] andrewducker


I was going to say "Now, if only they can get Microsoft, Apple, and Google on board", but actually, it works perfectly well without their browser integration, so let's just hope that websites start to pick it up...

More here
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2011-09-20 07:46 am (UTC)
From: [identity profile] momentsmusicaux.livejournal.com
Looks the same as 'log in with google' -- just more generic?

Date: 2011-09-20 08:05 am (UTC)
andrewducker: (Default)
From: [personal profile] andrewducker
Yup - the idea is that it's entirely federated and standardised, so you're not tied to Google, MS, or any other provider.

Date: 2011-09-20 08:05 am (UTC)
andrewducker: (Default)
From: [personal profile] andrewducker
Plus, of course, with the concept of multiple identities built in as standard.

Date: 2011-09-20 10:21 am (UTC)
From: [identity profile] momentsmusicaux.livejournal.com
Yup, that's what I meant -- not tied to one provider, and multiple IDs. Maybe I'm underwhelmed because I'm just thinking, 'So... this is the way it should have been all along. And...?'

Date: 2011-09-20 10:25 am (UTC)
andrewducker: (Default)
From: [personal profile] andrewducker
And it hasn't been! Because the closest we came was OpenID, and that never took off, because people don't think of URLs as being identifiers.

And now it hopefully will be!

Date: 2011-09-20 08:18 am (UTC)
From: [identity profile] heron61.livejournal.com
The fact that this allows multiple IDs is awesome and shows that some people are a whole lot more clever than the Google+ team at Google.

Date: 2011-09-20 10:45 am (UTC)
From: [identity profile] steer.livejournal.com
I'm not sure what this does that something like google multiple logins doesn't do? At the moment I can log into google services with a couple of IDs and transfer between them with two clicks (except there's a slight clunkiness with gmail in the circumstances where one of the ids is not connected to a gmail profile).

It's sort of nice to have it in the browser so you don't have to work out where the button is on a given website so it will be good to have it up in the browser rather than down on the site.

Date: 2011-09-20 10:47 am (UTC)
andrewducker: (Default)
From: [personal profile] andrewducker
You still need your password to log in with those though.

And this gives a standard that you can use on any site.

Date: 2011-09-20 10:50 am (UTC)
From: [identity profile] steer.livejournal.com
In theory you need a password. In practice they're cached in firefox sync (or local equivalent) across computers so I select the username from drop down and the password comes up automatically. I haven't actually typed that password since day one. Once signed in (and with "remember me on this computer") I stay logged in for a week or two. Then the cookie expires and I select the identities from drop down again.

I mean I guess then it gets around the theoretical problem that you could possibly set it up in such a way that you had to type a password -- but who would do that?

Date: 2011-09-20 10:55 am (UTC)
andrewducker: (Default)
From: [personal profile] andrewducker
It also means that you're not storing passwords in separate places (i.e. on your desktop, laptop, mobile), that you don't have to manage different passwords on different sites (if you're that kind of thing), and that if you have to blow away your browser installation, or use someone else's PC, then you don't have to remember them all again.

The less passwords I have to type on my mobile phone the happier I shall be.

Date: 2011-09-20 10:58 am (UTC)
From: [identity profile] steer.livejournal.com
It also means that you're not storing passwords in separate places

Firefox sync does this already though -- though it's not cross browser of course. So if I blow away my browser installation, I only need to find my firefox sync key (which I've carefully stored) and I've got all my passwords back. If I change a password from a linux boot on my work machine then my windows boot on my home machine knows about it automagically.

Don't get me wrong, I can see advantages to making this cross browser and pushing it higher up the chain to make it easier for web devs to do the multi-sign in right. In practice though, existing tools do 95% of this already.

Date: 2011-09-20 11:53 am (UTC)
andrewducker: (Default)
From: [personal profile] andrewducker
You've set up Firefox Sync. So have I. Care to guess how many average users have done so? Not to mention the hordes of people using IE?

Date: 2011-09-20 12:19 pm (UTC)
From: [identity profile] steer.livejournal.com
Well, firefox sync is a browser built-in now so every firefox user has the option and IIRC it pops up a "set me up" bubble when you start firefox for the first time -- so I guess anyone who can be arsed... For guessing how many average users will do so... I guess why would it be different to the users who will use the technology demoed there though which presumably also needs a central account to store stuff (or fails to work across machines in which case it's a big fail).

I presume other browsers have their equivalent and, in any case, these guys are demoing what they have written for a few browsers and saying they will try to get it working on other browsers at some point.

Date: 2011-09-20 12:37 pm (UTC)
andrewducker: (Default)
From: [personal profile] andrewducker
It's not browser dependent. The videos shows it working on an iPad inside the browser there.

Firefox is building support into the browser, but it's designed to work without any browser support.

Date: 2011-09-20 12:47 pm (UTC)
From: [identity profile] steer.livejournal.com
Hmm... you may be correct on this... the demo is kind of sketchy on that but they do seem to hint that there's a "pure html" solution.

Date: 2011-09-20 01:38 pm (UTC)
andrewducker: (Default)
From: [personal profile] andrewducker
Yup - and it works in IE and Chrome.

Date: 2011-09-20 10:59 am (UTC)
From: [identity profile] chuma.livejournal.com
So now if I lose my phone or laptop to a thief then not only have they stolen my hardware, but can access all of my info too? Not seeing a plus on this I have to say. Explain it to me?

Date: 2011-09-20 11:44 am (UTC)
andrewducker: (Default)
From: [personal profile] andrewducker
Same as any websites you had on your phone currently. If you were logged in when you lost your phone then you'd still be logged in. You'd have to go through the same faff of updating passwords - but only one per account now, rather than one for each site.

Can't really see how it's any worse.

Date: 2011-09-20 12:33 pm (UTC)
From: [identity profile] chuma.livejournal.com
This assumes I am logged in an absolutely everything or store all my passwords on the phone. You must agree that it does create a single point of failure though, yes?

Date: 2011-09-20 12:36 pm (UTC)
andrewducker: (Default)
From: [personal profile] andrewducker
Only if you choose it to. If you want to have lots of different identities then you have lots of different points of failure instead.

Date: 2011-09-20 12:21 pm (UTC)
From: [identity profile] steer.livejournal.com
I've got to agree with andrew there. If you're unfortunate enough to lose your phone/laptop with it unlocked/logged in you've got to assume all your passwords are gone right now anyway so I don't think it makes too much difference security wise.
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

andrewducker: (Default)
andrewducker
My NotZen Website

April 2025

S M T W T F S
   1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 2223242526
27282930   

Most Popular Tags

Page Summary

Active Entries

Style Credit

Expand Cut Tags

No cut tags
Page generated Apr. 23rd, 2025 09:14 am
Powered by Dreamwidth Studios