KillerApp: Manage Logins Across Multiple Machines

100% Cotton
chezrump

I did a tally the other day and found I am tracking login data for over 135 web services. I have an acceptable method for automating logins on the computers I own, although even there some improvements could definitely be made, but lack a method to do this “in the wild” when I am not on a trusted computer.

Del.icio.us was much discussed at a recent event I attended, and its success was traced to its effective expansion of core web-browsing functionality (fully portable bookmarks). I had always looked at delicious from a social/link-sharing perspective, and perhaps overlooked this more fundamental secret to its success.

I mention those two items together because I think the individual/company that solves the login problem — a web-based, secure, automatic login/password manager aka “fully portable identity” — will scale the web2.0 long tail and enjoy a similar “delicious” level of success. A p2p solution makes sense to me. When I think about me and a bunch of other folks dumping all our passwords into a single online repository, or “the most attractive hacker honeypot ev4r”, I get nervous. What would be neat is an application similar in concept to FolderShare, where you can log on to a website from an untrusted computer and have secure access to files you maintain on a trusted machine. IdentityShare would provide a web UI (for untrusted computers) and perhaps a Firefox plugin (for semi-trusted computers) that connects you to your personal database of login information on an as-needed basis, without creating a single point of attack for millions of sensitive logins.

In the absence of that, here are some links and recommended services, with hat tips to all who shared their thoughts.

from Greg Harris:
Roboform. There is a version that installs on a usb memory stick. It keeps all login and passwords and works with IE and Firefox.

from Ed Costello:
Microsoft is developing something called “InfoCard” which is another approach (you maintain an identity “card” on your system), unlike their first approach (Firefly, which was rebranded Passport when acquired by MS). Kim Cameron, the guy developing InfoCard recognizes that there’s other platforms than MS, though LiveID is based on a mesh of the InfoCard concept and Passport.

Also, the guys at Sxip have been pushing their system for “on demand identity management” for the past couple of years.

Others:
Google Account Authentication
Yahoo! Browser Based Authentication
from JSZ:
You may also want to check out password safe. Works very well and uses a high-level of encryption (twofish) to store its data.

Update: The Sxipper has set sail! I will be giving it a try and hopefully have some thoughts to share…

About Jonah

Jonah Keegan helps companies manage pay-per-click marketing on Google, Bing, and Facebook; produce web content; conduct market or competitor research; and setup analytical systems to measure marketing yields. You can learn more at http://www.clicktruemedia.com/

Leave a Reply

Your email address will not be published.