OpenID and Password Managers

June 14, 2007 in Applications, OpenID, Security by Carsten Pötter | View Comments

Yesterday Richard MacManus has started an interesting discussion about online password managers like PassPack and Clipperz on his Read/Write Web blog. He asks:

But is managing your passwords enough of a ‘value add’ service, given that browsers do much of it already and OpenID is also solving some of those issues in the web 2.0 world?

It’s certainly very pleasing to note that he thinks OpenID will be able to compete with the well known method of signing in to websites – user names and passwords – soon. However the number of Relying Parties is still very small (see David Recordon’s and Brian Ellin’s slides of the Web2Expo). While OpenID has gained momentum this number has to grow significantly to make more users aware that a different and comfortable way of signing in already exists.

I also think that no one can force users to embrace and use any new technology; they have to join voluntarily. There will always be people who think OpenID was insecure, complicated, lightweight, uncomfortable or unnecessary. Those people will hopefully use a comfortable password manager which generates strong passwords and maybe even has an auto-logon feature. Usually password managers are also able to store other important data; just think of notes or even complete documents. OpenID can’t do that because it serves a different purpose.

OpenID and password managers will coexist – PassPack is even thinking about OpenID implementation – at long sight.

Tags: , , , , ,

  • https://www.passpack.com/ Tara (PassPack)

    Hi. Glad to see the article over at ReadWriteWeb is sparking some conversation.

    Without interconnectivity the web gets fragmented and less, well, web-like. So yes, I think the key is definitely integration and putting the user back at the center of their own online universe. Back in control of their data.

    You said: “I also think that no one can force users to embrace and use any new technology; they have to join voluntarily.”

    I couldn’t agree more.
    Cheers to you!
    Tara

  • https://www.passpack.com Tara (PassPack)

    Hi. Glad to see the article over at ReadWriteWeb is sparking some conversation.

    Without interconnectivity the web gets fragmented and less, well, web-like. So yes, I think the key is definitely integration and putting the user back at the center of their own online universe. Back in control of their data.

    You said: “I also think that no one can force users to embrace and use any new technology; they have to join voluntarily.”

    I couldn’t agree more.
    Cheers to you!
    Tara

  • Carsten Pötter

    I strongly believe that people should have choices to decide which services and which technology they use. Regarding OpenID, that doesn’t necessarily mean that each service has to provide login both with OpenID and user names and passwords. Companies on the web are competitive enough that there will be solutions for all users.

  • Carsten Pötter

    I strongly believe that people should have choices to decide which services and which technology they use. Regarding OpenID, that doesn’t necessarily mean that each service has to provide login both with OpenID and user names and passwords. Companies on the web are competitive enough that there will be solutions for all users.

  • http://passpack.wordpress.com/2007/07/03/passpacks-june-2007-press-roundup/ PassPack’s June 2007 Press Roundup « PassPack – The Blog

    [...] OpenID and Password Managers at Not So Relevant [...]

  • http://mainstream-guides.com/ Darrell

    Just finished writing two screencasts on two of the better password managers:

    http://mainstream-guides/keepass
    http://mainstream-guides/passpack

    Too bad all this discussion happened in June. I don’t think some of the most salient points got made.

    “The browser handles it.” Not very dependably – have you noticed? When it works, it’s only on one computer. If it’s at work, what about at home? On the road?

    If you *ever* have to remember or type a password, you won’t use a strong one, e.g., “6ydhx7pNjY.” If you’re foolish enough to try, how many times does it take you to get it right?

    If you want to use a strong password, where do you get it? Nearly all password managers have password generation facilities.

    I suspect Richard MacManus doesn’t use very many passwords, else he would be more sympathetic to the issues. That may well mean that he uses simple ones, or the same ones over and over. And he’s insecure about encrypted passwords moving over the wire?

  • http://mainstream-guides.com Darrell

    Just finished writing two screencasts on two of the better password managers:

    http://mainstream-guides/keepass
    http://mainstream-guides/passpack

    Too bad all this discussion happened in June. I don’t think some of the most salient points got made.

    “The browser handles it.” Not very dependably – have you noticed? When it works, it’s only on one computer. If it’s at work, what about at home? On the road?

    If you *ever* have to remember or type a password, you won’t use a strong one, e.g., “6ydhx7pNjY.” If you’re foolish enough to try, how many times does it take you to get it right?

    If you want to use a strong password, where do you get it? Nearly all password managers have password generation facilities.

    I suspect Richard MacManus doesn’t use very many passwords, else he would be more sympathetic to the issues. That may well mean that he uses simple ones, or the same ones over and over. And he’s insecure about encrypted passwords moving over the wire?

  • Carsten Pötter

    I couldn’t agree more. Hopefully more people are using password managers now, either online or offline. Some good screencasts on your site. :)

  • Carsten Pötter

    I couldn’t agree more. Hopefully more people are using password managers now, either online or offline. Some good screencasts on your site. :)

blog comments powered by Disqus

Page optimized by WP Minify WordPress Plugin