Del.icio.us was much discussed at a recent event I attended, and its success was traced to its effective expansion of core web-browsing functionality (fully portable bookmarks). I had always looked at delicious from a social/link-sharing perspective, and perhaps overlooked this more fundamental secret to its success.
I mention those two items together because I think the individual/company that solves the login problem — a web-based, secure, automatic login/password manager aka “fully portable identity” — will scale the web2.0 long tail and enjoy a similar “delicious” level of success. A p2p solution makes sense to me. When I think about me and a bunch of other folks dumping all our passwords into a single online repository, or “the most attractive hacker honeypot ev4r”, I get nervous. What would be neat is an application similar in concept to FolderShare, where you can log on to a website from an untrusted computer and have secure access to files you maintain on a trusted machine. IdentityShare would provide a web UI (for untrusted computers) and perhaps a Firefox plugin (for semi-trusted computers) that connects you to your personal database of login information on an as-needed basis, without creating a single point of attack for millions of sensitive logins.
In the absence of that, here are some links and recommended services, with hat tips to all who shared their thoughts.
from Greg Harris:
Roboform. There is a version that installs on a usb memory stick. It keeps all login and passwords and works with IE and Firefox.
from Ed Costello:
Microsoft is developing something called “InfoCard” which is another approach (you maintain an identity “card” on your system), unlike their first approach (Firefly, which was rebranded Passport when acquired by MS). Kim Cameron, the guy developing InfoCard recognizes that there’s other platforms than MS, though LiveID is based on a mesh of the InfoCard concept and Passport.
Also, the guys at Sxip have been pushing their system for “on demand identity management” for the past couple of years.
Google Account Authentication
Yahoo! Browser Based Authentication
You may also want to check out password safe. Works very well and uses a high-level of encryption (twofish) to store its data.
Update: The Sxipper has set sail! I will be giving it a try and hopefully have some thoughts to share…