OpenID – protect your password and online identity

August 17, 2009, Category: Internet, Security

In your day-to-day Internet experience, you are required to sign in to various websites with your user name and password. Many such websites may not be safe and your password and identity may be compromised, more so if you are using the same user name and password on more than one website. Moreover, it may not be practically possible to remember different user names and different passwords for a large number of websites, especially if you are using complicated secure passwords which include special characters and numerals and also combinations of small and capital letters. What then is the solution so that you could have one common password and user name for a large number of websites without worrying about your password and online identity being compromised due to a less-safe website where you sign in? If one such common password could be used for a large number of websites and with a common identity (i.e., user name), then you can easily choose a complicated and secure password since remembering one such password would not be that difficult. The only guarantee which such a system must provide is that the common password should not be compromised by even one website where you sign in. The answer to all these requirements is OpenID.

The advantage of OpenID is that one user name and one password can be used for signing in to a very large number of websites, without worrying about the password or identity being compromised by any such website which does not use a secure system. The key lies in the fact that your password is not disclosed to all such websites but only to the one website with which that OpenID is initially registered, and which then confirms (online) your identity to the other websites at the time you sign in to them. You may also choose to associate information with your OpenID that can be shared with the websites that you sign in to, such as a name or email address, and you can thus control how much of that information is shared with the websites you visit.

The system of OpenID works like this. Your password is only given to one website which is your identity provider, and it is that provider which confirms your identity to the other websites where you want to sign in. Your password is thus checked only by one website which is your identity provider and no other website will ever get a chance to see your password while signing in or during your visit to such other website. So, there is no cause for worrying about an unscrupulous or insecure website compromising your identity or password.

Let us see in detail how OpenID works in practice. Presume that you have already obtained your OpenID from some identity provider. Now, you want to sign in to a different website which supports login by OpenID. When you visit such other site for signing in, you are presented with a screen similar to the one shown below:

[Screenshot: OpenID login at a new site does not require password]

You may notice here that this other website is asking you only to provide your OpenID and it is NOT asking you to provide your password. So, what you have to provide to this other site is ONLY your OpenID and NOT your password for the same.

After you submit your OpenID (and NOT the password) and click on the “Sign in” button, your browser will immediately take you to the website which had initially provided you the OpenID. Your OpenID provider thus receives a message to confirm your identity to the website where you wanted to sign in. Your OpenID provider then checks whether you are the same person who has been given that particular OpenID. If you are already logged in with your OpenID provider at that time, then your identity gets immediately confirmed. Otherwise, your OpenID provider asks you to confirm your identity by submitting your user name and password for your OpenID account. In this manner, your OpenID provider will confirm your identity as to whether you are the same person who has been provided with that OpenID.

The important thing to notice here is that your password has been checked only by your own OpenID provider and NOT by the other website where you wanted to sign in.

Further, your OpenID provider will also confirm with you whether you wanted to sign in to the said other website and whether limited information may be passed on to that website to confirm your identity. See the following sample screen which may be presented to you for this purpose (this screen is courtesy OpenID Foundation):

[Screenshot: OpenID - confirmation whether you want to login to new site]

You can choose to allow such information to be passed on to that website for one time only or for all future occasions also; or otherwise, you can deny such information being given to that other website. Please note that your password will NOT be passed on to such other website by your OpenID provider. Once you allow the said information to be passed on to such other website, your OpenID provider confirms your identity to that other website. And, thus, within a fraction of a second, you are signed in to that other website on the basis of the confirmation of your identity (i.e., your OpenID) by your OpenID provider, but without providing your password to such other website. All this process takes place online within no time.

In this manner, you are able to control your password to remain only with your OpenID provider (which would generally be a reliable and reputed site using a fully-secure system of password so that it could not be compromised; and, of course, you have the choice of choosing your own OpenID provider) and on the basis of that OpenID, you can sign in to a large number of websites which support the OpenID system.
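
The sign-in exchange described above, sketched as an added example (not code from the original article or from any OpenID library). It assumes the OpenID Authentication 2.0 message fields; the URLs, MAC key, association handle and nonce values are constructed. Note that the messages the website handles carry a signed confirmation and never the password.

```python
import base64, hashlib, hmac

NS = "http://specs.openid.net/auth/2.0"
# Constructed values: in the real protocol the website and the provider agree
# on this MAC key beforehand in a separate "associate" exchange.
MAC_KEY, ASSOC_HANDLE = b"constructed-association-key", "assoc-1"
SIGNED = "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"

def sign(fields, signed, key=MAC_KEY):
    # Key-value form ("name:value\n" per signed field), then HMAC-SHA256.
    kv = "".join(f"{k}:{fields.get('openid.' + k, '')}\n" for k in signed.split(","))
    return base64.b64encode(hmac.new(key, kv.encode(), hashlib.sha256).digest()).decode()

def rp_build_request(openid_url, return_to, realm):
    """Sent by the website to the provider through the browser redirect."""
    return {"openid.ns": NS, "openid.mode": "checkid_setup",
            "openid.claimed_id": openid_url, "openid.identity": openid_url,
            "openid.return_to": return_to, "openid.realm": realm,
            "openid.assoc_handle": ASSOC_HANDLE}

def provider_respond(req, password_ok, user_consents, nonce):
    """Provider side: the password is checked here and nowhere else."""
    if not (password_ok and user_consents):
        return {"openid.ns": NS, "openid.mode": "cancel"}
    res = {"openid.ns": NS, "openid.mode": "id_res",
           "openid.op_endpoint": "https://provider.example/op",  # constructed
           "openid.response_nonce": nonce, "openid.signed": SIGNED}
    for k in ("claimed_id", "identity", "return_to", "assoc_handle"):
        res["openid." + k] = req["openid." + k]
    res["openid.sig"] = sign(res, SIGNED)
    return res

def rp_verify(res, expected_return_to, seen_nonces):
    """Website side: accept the sign-in only if every check passes."""
    signed = res.get("openid.signed", "")
    nonce = res.get("openid.response_nonce")
    if res.get("openid.mode") != "id_res":
        return False  # user cancelled, or provider did not confirm
    if res.get("openid.return_to") != expected_return_to:
        return False  # assertion was issued for a different site or URL
    if not set(SIGNED.split(",")) <= set(signed.split(",")):
        return False  # a security-relevant field was left unsigned
    if not nonce or nonce in seen_nonces:
        return False  # replayed assertion
    sig = str(res.get("openid.sig", "")).encode()
    if not hmac.compare_digest(sign(res, signed).encode(), sig):
        return False  # forged or tampered assertion
    seen_nonces.add(nonce)
    return True
```
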

It may be pointed out that, as per the OpenID Foundation, OpenID is rapidly gaining adoption on the web, with over one billion OpenID-enabled user accounts and over 50,000 websites already accepting OpenID for logins. Many large organizations now either issue or accept OpenIDs. These organizations include Google, Facebook, Yahoo, Microsoft, AOL, MySpace, Sears, Universal Music Group, France Telecom, Novell, Sun, Telecom Italia, etc.

It is noteworthy that OpenID is decentralized and not owned by anyone. Anyone can choose to use an OpenID or become an OpenID provider for free without having to register or be approved by any organization. This system works on an open source model. The OpenID Foundation provides the needed infrastructure and helps to promote and support expanded adoption of OpenID.

Some additional advantages of using OpenID are summarized as under:

  • OpenID accelerates the process of signing in to various websites with a single click. And, your basic profile information (e.g., your name and location) can be stored centrally through your single OpenID and used to pre-populate registration forms.
  • No need to maintain multiple user names and passwords. With OpenID, you can safely and securely use a single existing account (from providers like Google, Yahoo, AOL or your own blog) to sign in to thousands of websites, with no need to create another username and password.
  • You can have greater control over your online identity.
  • With OpenID, passwords are never shared with any other websites. Even if a compromise does occur, you can simply change the password for your OpenID at a central location. Thus, you get maximum password security.
  • If your OpenID has been obtained from a reputed OpenID provider such as Google, Yahoo, etc., you can expect a high level of security of your online identity. You can choose your own OpenID provider. In any case, getting an OpenID from these reputed providers is also free. For example, for getting an OpenID from Yahoo, visit this web page.

The OpenID is thus the fast, easy and secure way to sign in to websites without worrying about your password or online identity getting compromised. And, moreover, there is no need to remember too many user names and too many passwords. You have to just remember one user name and one good and strong password.

In view of the aforesaid reasons, the readers must take full advantage of utilizing the OpenID system for a safe and secure and hassle-free online activity.


Copyright (c) 2009 Tech Superb. Contact: info AT techsuperb DOT com