I was just catching up on a few e-mails and was taken off to a relatively well known site where I needed to log in to participate. Fair enough – I can understand the need to authenticate. However, this site is one of those new fandangled sites that allows me to authenticate with any number of my pre-existing social media/email provider identities.
I’ve been to the site before, and I can remember what provider I used, but with so many options doesn’t Open ID lead to exactly the same level of identity fatigue over a period of time?
The site in question is Stack Overflow, but this isn’t their problem. Its a problem that we all have to deal with. I also don’t have any solutions. One that does seem pretty interesting is BrowserID.org which Alex Mackey, one of my colleagues talked about briefly at one of our events on Wednesday morning. It is yet one more federated identity solution where web developers surrender their authentication responsibilities to a third party provider so I’m not sure if it is going to solve the worlds problems.
One thing that concerns me is the concept that e-mail address == identity. Right now I have five e-mail addresses in regular use. Web-sites like LinkedIn do a lot to allow me to use each one of those e-mail addresses to connect to my single identity within their system. Most sites however only really allow you have one e-mail address associated with your account with them, and so when I move on from one e-mail address it might be difficult to reacquire access to those resources.
Anyway – just some random thoughts about the state of identity. If it is too hard for us geek folks, it must be an absolute nightmare for our end-users.