Making OpenID more palatable to users via IM and SMS
March 25th, 2008While I love the concept of OpenID, I refuse to use it as it requires me to enter a URL for my login. This is the most inane thing to do from a human interface point of view.
As I was daydreaming about software last week, and in particular how to get around this, I started wondering “what if a Jabber extension was created for OpenID?”
Think about this:
- User enters email into web site to log in
- System sends jabber message to user (where their email is their jabber id) asking if they want allow the login.
- User responds yes/no.
- System grants/denies access based on the response.
Now consider the modified version. The user opens their web browser. They tell the web browser to log into the jabber server and listen for messages on a specific jabber resource. Now all the user needs to do is enter there email for any OpenID site. (Maybe there is a way to get around the email entry too?)
One could also imagine a scenario which used SMS or other IM protocols. URLs definitely do not have to be the only identifier available to OpenID users.
There’s probably a whole host of issues with this, and I’m much too lazy right now to go research if its feasible via an OID extension, but I thought I’d throw it out there.
March 25th, 2008 at 4:57 pm
> User enters email into web site to log in
You lost me right there.
Specifically, I don’t want to give away an email address (which has *value*). That is the point of a OpenID URL: It doesn’t have value unless I choose to imbue that value to the profile… and I choose which profile to use based on how much I want to trust the site… only one of my profiles has my real email address on it.
March 25th, 2008 at 5:22 pm
Stevelle: I’m confused. I use my email to log into most websites these days. Couldn’t you just have different email addresses/jabber accounts for different websites?
March 27th, 2008 at 1:46 pm
https://me.yahoo.com/myhandle is an OpenID URL (replacing “myhandle” with whatever your Yahoo OpenID handle is). This is a host name (me.yahoo.com), a user name (myhandle), and 9 extra characters (https:// and /).
Your solution is something that looks like an email address, such as myhandle@me.yahoo.com. Your solution eliminates 8 characters but is otherwise identical. Moreover, as OpenID usage spreads, I would expect login forms to support dropping the https:// part by using it as a default, in which case your solution and the OpenID login are identical in length, and OpenID requires one less use of the Shift key (except for keyboards where @ is entered un-shifted).
I’ll submit that having to enter https:// is annoying. But that hardly seems worthy of making your solution insightful while reducing the norm to being “the most inane thing to do from a human interface point of view”.
March 28th, 2008 at 8:47 am
Hi,
Unfortunately IM is still attackable by keystroke recording
SMS is subject to lag and being in a cell area
Cheers Mark
September 16th, 2008 at 4:43 pm
Gay ass stretched to the max. Teen boy pleasures two dicks.
October 6th, 2008 at 12:07 am
Всё о ремонте: после ремонта ремонт автомобильных кондиционеров ремонт lcd коттеджи отделка ремонт система ремонта ремонт микроволновой ремонт psp текущий ремонт ремонт 2106 ремонт акпп
http:\\gooa.ru
October 23rd, 2008 at 11:35 pm
jugar al cyberland online…
gigabyte wreathes scenes …
November 6th, 2008 at 3:25 am
best nltexasholdempoker game…
winner assemblage.lowers,…