Stupid login tricks and the quest for single-sign-on
Today I spent an inordinate amount of time banging my head against Hour Magazine’s online registration system.
I had gone there to leave a comment on YULBlogger Dave’s review of the special-edition DVD of What The ßlSSp Do We Know…?, did the usual signup ritual, only to get an email back claiming that my name was not my “true name,” and that they didn’t accept “pseudonyms or virtual identities.*” Wha?
I’ve signed up for dozens of sites using A.J. Kandy and never once encountered a problem. What’s the deal with Hour.ca?
One, How does Hour’s server know what my “real” name is?
Two, What programmer would code a cockamamie system like this?
I understand that newspapers need demographic information they can give advertisers. The geodemographics game is so finely targeted now that you can target subsections of single zip codes if you want; I expect with uber-personalization, one day the flyers in the newspaper will be targeted to you and you alone.
But this is ridiculous. One one hand, how do I balance my right to privacy (and to even write pseudonymically, if I choose) vs. my desire for access to closed systems. And on the larger question, how else are you to prove that you are who you say you are, short of providing credit card or social security numbers (which themselves are not foolproof?)
There has been some push towards the goal of a universal single-sign-on system, one that would ideally balance your privacy rights with the owners of sites’ desire to collect aggregate demographic data; however, very few have gone beyond relatively limited spheres like Yahoo! IDs, TypeKey authorizations, or MSN Passport logins.
If such a system were to be built from scratch today, what features could it (and should it) have? I look forward to my readers’ cogent insights.
*And, it must be mentioned, when trying to view their name criteria page, their IIS server threw up a VBE error and died, so no help there.
Update: After human intervention, my signup was finally approved and my comment posted. Apparently the “real name” requirement is for Hour’s auctions and contests, where you need ID to pick up your winnings. I still maintain that it should have accepted my name at face value, and in any case, I wasn’t signing up for a contest, was I?
March 19, 2006 7:49 PM
Comments
I’ve seen it, but I haven’t heard much about it - and I’ve only seen it on LiveJournal as well. Now that they’re owned by Six Apart, the makers of Movable Type and TypePad, maybe they’ll integrate TypeKey there as well.
Gravatar’s a pretty good start, actually - simple, cookie-based. I have a feeling Google or eBay want to step into the “online ID brokerage” space, eBay certainly has the muscle to do it through their PayPal subsidiary, but then there’s the question of risk in case of hacking…do you want all your eggs in one digital basket.
wrote AJ Kandy on March 24, 2006 11:17 AM
Have you seen/used/heard about myopenID? I encountered it yesterday on a livejournal blog - the blog’s comment system allowed (1)livejournal ID, (2)myopenID or (3)utter anonymity. In other words, I couldn’t post with my name or (more importantly) my url unless I signed in - and after going through the whole process and getting a myopenID sign-in, I discovered that I cannot use myopenID as a link to my site, anyway.
I think there will come a day when there are truly universal WebIDs - something along the lines of the gravatar system, perhaps - that will allow people, regardless of affiliation, to interact easily. Ah, pipe dreams are such a blast :D
wrote Maggie McDonnell on March 23, 2006 8:37 AM