Identity Fatigue

I was just catching up on a few e-mails and was taken off to a relatively well-known site where I needed to log in to participate. Fair enough – I can understand the need to authenticate. However, this site is one of those new fandangled sites that allows me to authenticate with any number of my pre-existing social media/email provider identities.

I’ve been to the site before, and I can remember what provider I used, but with so many options, doesn’t OpenID lead to exactly the same level of identity fatigue over a period of time?

image

The site in question is Stack Overflow, but this isn’t their problem. It’s a problem that we all have to deal with. I also don’t have any solutions. One that does seem pretty interesting is BrowserID.org, which Alex Mackey, one of my colleagues, talked about briefly at one of our events on Wednesday morning. It is yet one more federated identity solution where web developers surrender their authentication responsibilities to a third party provider, so I’m not sure if it is going to solve the world’s problems.

One thing that concerns me is the concept that e-mail address == identity. Right now I have five e-mail addresses in regular use. Web-sites like LinkedIn do a lot to allow me to use each one of those e-mail addresses to connect to my single identity within their system. Most sites, however, only really allow you to have one e-mail address associated with your account with them, and so when I move on from one e-mail address it might be difficult to reacquire access to those resources.

Anyway – just some random thoughts about the state of identity. If it is too hard for us geek folks, it must be an absolute nightmare for our end-users.

3 thoughts on “Identity Fatigue”

  1. Ben McEvoy

    Actually Mitch, I think this situation might be more simple for end users, as the majority of people would have just a single email address in use and would have used that same address across all the various sites in the image you clipped.

    It’s for them that this model works well; it’s we geeks with our multiple accounts for different purposes and who are more conscious of data-mining and security implications of using only a single account that suffer.

  2. David Connors

    The correct way to handle this is to allow people to associate whatever auth method they want back to a core identity. I’m working on a web 2.0 startup at the moment and the model we chose is to store a core identity for someone and then allow them to authorise whatever external sites they want to access that core identity.

    If you build the concept of identity recovery and associating new external auth providers in from day one then you don’t have an issue.

  3. Wile Coyote

    I have always touted that end user needs get lost in system design in favour of customer requirement and budget. I have lost many projects for pointing this out without fully explaining my position. I love that I can now say Identity Fatigue and not be misunderstood.

    Mitch – 5 Email addresses??? you must have account policy nightmares. I hope you employ address forwarding and simple rules to direct the messages to separate folders.

    In terms of how do we overcome it, Msoft tried it with Passport… massive failure. Then we have BIO ID… wow that works where sites have easily highlighted fields for those systems to pick up, but then they give up a degree of security to the hackers… and the spammers…

    If we deploy centralised ID validation systems, hack once and how many can you rip off,… visualise Sony Game Site… nah… there is a simple solution in the cookie… where you store the user ID and the cookie on your server. Once the ID validation is met, you look for the cookie on the client, and not finding it, go to the cookie on the server. That would be something we could all employ.
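
A minimal sketch of the core-identity model raised in the comments, combined with the post's concern about treating an e-mail address as identity. This is an added example, not code from the post or from any commenter; the class, method names and sample values are hypothetical.

```python
from dataclasses import dataclass, field
import uuid


class LinkError(Exception):
    """Raised when a link or unlink request must be refused."""


@dataclass
class IdentityStore:
    # (provider, subject) -> core identity id. The key is the provider's stable
    # subject identifier, never the e-mail address, which can change or lapse.
    links: dict = field(default_factory=dict)
    # core identity id -> e-mail addresses, kept only as contact attributes
    emails: dict = field(default_factory=dict)

    def sign_in(self, provider, subject, email=None):
        """Resolve an external login to a core identity, creating one on first use."""
        key = (provider, subject)
        if key not in self.links:
            # No automatic merge on a matching e-mail: a new external account
            # gets its own identity until its owner links it explicitly.
            core_id = str(uuid.uuid4())
            self.links[key] = core_id
            self.emails[core_id] = set()
        core_id = self.links[key]
        if email:
            self.emails[core_id].add(email.lower())
        return core_id

    def link(self, session_core_id, provider, subject):
        """Attach another provider; the caller is already signed in as session_core_id."""
        if session_core_id not in self.emails:
            raise LinkError("no authenticated session")
        owner = self.links.setdefault((provider, subject), session_core_id)
        if owner != session_core_id:
            raise LinkError("external account already belongs to another identity")

    def unlink(self, session_core_id, provider, subject):
        """Remove a provider, but never the last one (that would lock the user out)."""
        mine = [k for k, v in self.links.items() if v == session_core_id]
        if (provider, subject) not in mine:
            raise LinkError("not linked to this identity")
        if len(mine) == 1:
            raise LinkError("cannot remove the only remaining login method")
        del self.links[(provider, subject)]
```

Because lookups key on the provider and its subject identifier, moving on from one e-mail address does not orphan the account, and two external accounts that merely share an address are never merged without an authenticated link step.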
