G-Archiver Brings Web 2.0 Risks Into Focus
As Michael Arrington at Techcrunch says, it’s hard to have too much sympathy when people give up their passwords to sites holding sensitive data, but wait… people are doing this every day on Web 2.0 sites all over the web! This site pulls in that site’s content, and you need to provide your password to a page, applet, plugin, etc. to accomplish this. How many places are users entering their passwords? How many of those passwords match at how many other sites? Given how much data I can get from an aggregation site, how many sites do I need to compromise to seriously damage any given user? G-Archiver had way more than e-mail access. For some accounts there would be Google Payment information, Google Apps and all related content. Yikes!
So once again we come back to the sad state of authentication in the broader internet world. Sure, banks may or may not have done something meaningful when pushed, but stop and think about all the sensitive data you have scattered around on sites that are getting “hooked up” daily. So what about the rest of the sites where we are increasingly investing our time, our money, our data about our time and data… you get the idea. Whether you realize it or not, your online world is increasingly a federated world. Federation is great so long as there is solid authentication underpinning the master login. If not, federation is a terribly scary, easily and devastatingly compromisable thing.
There’s lots of noise around identity, some of it even touching on authentication, but not much. Microsoft buys Credentica. Cardspace plays with OpenID. Everyone is turning their logins into OpenIDs even though they aren’t accepting OpenIDs (does that mean they really adopted it or not?). Ping acquires Sxip. 47 new OpenID identity providers launched while I was writing this article (ok, that’s an exaggeration).
However, I’m still managing my online security with Roboform in an encrypted volume protected by 2-factor authentication. At last count, I’m managing nearly 300 logins through that method, most of which do not have matching passwords. Am I paranoid? Yes, clearly. Am I bulletproof? Nope. Do I want something better? Yup. TriCipher recently announced myOneLogin, which has as part of its mission to bring strong authentication and reduced sign-on together. You can read more straight from them via Jon Brody’s interview about myOneLogin with IT Business Edge. Jon is TriCipher’s VP Marketing.