Scott Blomquist

Roy Leban blogs about stupid password policies over at his thisUser blog. I’ve got some good news for Roy and his readers: I’m currently making a living turning all of the things that he rants about into relics of the unenlightened past. And while I have to concede that it’s a slow uphill climb, there are some very exciting things that you can do today to start simplifying your online life.

The first one worth mentioning is a thing called OpenID, which is pretty much just single sign-on for the Internet. This is not a terribly new idea–Microsoft has been pushing for something very similar in the form of Microsoft Passport Windows Live ID for around a decade. OpenID has the added benefit that you can use it even if you’re not convinced you’d like to involve Microsoft in your online life.

In fact, you can even host your own OpenID. For example, I use the address of this very blog (http://scott.blomqui.st) as my personal OpenID. (You can see it in action in my previous comments on Roy’s blog such as here. Notice the shiny orange OpenID icon to the left of my nickname?)

If you want an OpenID, I’d suggest myVidoop. (Full disclosure: I’m the CTO of the company that built it.) We’re one of the better-known OpenID providers, and unlike the other OpenID providers, we actually have a way of making money.

The big problem with OpenID today is that there are much fewer than 20,000 sites that allow you to log in today using OpenID. Which brings us to the other neat thing about myVidoop–we provide a cross-platform browser plug-in that helps you by managing your usernames and passwords as you cruise around the web. This enables you to sign in once when you open your web browser, and then we take care of signing you in to the other sites that you visit, whether OpenID-enabled or not. (Oh, and we also use a fun alternative to passwords for signing you in to the myVidoop site, so it can literally make your life almost password-free.)

I’d be thrilled if you’d give myVidoop and our password management plug-in a try and give us your frankest feedback over on GetSatisfaction.

Finally, I’ll mention for the benefit of the web site owners in the audience, there’s an experimental Vidoop project called Email to ID. If you have a web site that would be using OpenID if only most users already had one, Email to ID is your solution. Email to ID gives every user an OpenID, and the authentication mechanism is their email. (As strange as that sounds, that’s the way things already work only less conveniently–you can reset pretty much any of your passwords by simply requesting an email, so we just made the security dependency on your email box explicit.) You can find some more detailed analysis of Email to ID at Silicon Florist.

One thing that concerns many people about OpenID is what happens if their provider goes out of business or if they want to switch to another provider for some other reason.

At Vidoop, we believe that users deserve to always be in control of their online identity, even if it means that they’d like to switch away. We’ll let them keep their URL and change to another provider.

We recently shipped a feature that allows a user to go to the Account/Advanced tab on our site and delegate their myVidoop.com OpenID URL to the OpenID provider of their choice. For example, right now, if you type sblom.myvidoop.com in to one of your favorite OpenID relying party’s web site, you’ll see that you’re redirected to openid.xmpp.za.net.

All OpenID users should expect their OpenID providers to do the same. Please ask them to do so–even if you’re happy with them now. What if they go out of business, or if you decide that you like another provider better?

There have been some good blog conversations lately about myVidoop.com and Vidoop Secure (over at Judi Sohn’s Web Worker Daily review of myVidoop, or Carleen Hawn’s write-up over at GigaOM for example).

There are several really good questions that get asked often. I figured I’d collect them all here so that I have one place that I can point people toward the next time I encounter similar questions.

What’s the difference between Vidoop, Vidoop Secure, and myVidoop.com?

Vidoop is a Tulsa,-OK-based technology company. (We call Oklahoma the Silicon Prairie. I hear that other people call where they’re from the Silicon Prairie, too. But I think ours is the real one.)

Vidoop Secure is our authentication technology (which is available to license as an easy-to-use, low-cost, authentication technology and can be configured to provide strong two-factor security and can even completely replace passwords).

myVidoop.com is our free consumer Identity service that allows you to test-drive the Vidoop Secure technology and manage your usernames and passwords for the entire internet.

How does Vidoop Secure work?

The core of the Vidoop Secure authentication mechanism is a grid of images where each image is chosen to represent a particular category (for example, “cats” or “telephones” or “food”). When a user signs up for an account, instead of choosing a secret password, he chooses a set of 3-5 secret categories (let’s use “cars”, “boats”, and “flowers”).
More »