Simple solutions to stupid password policies

Roy Leban blogs about stupid password policies over at his thisUser blog. I’ve got some good news for Roy and his readers: I’m currently making a living turning all of the things that he rants about into relics of the unenlightened past. And while I have to concede that it’s a slow uphill climb, there are some very exciting things that you can do today to start simplifying your online life.

The first one worth mentioning is a thing called OpenID, which is pretty much just single sign-on for the Internet. This is not a terribly new idea–Microsoft has been pushing for something very similar in the form of Microsoft Passport (now Windows Live ID) for around a decade. OpenID has the added benefit that you can use it even if you’re not convinced you’d like to involve Microsoft in your online life.

In fact, you can even host your own OpenID. For example, I use the address of this very blog as my personal OpenID. (You can see it in action in my previous comments on Roy’s blog such as here. Notice the shiny orange OpenID icon to the left of my nickname?)

If you want an OpenID, I’d suggest myVidoop. (Full disclosure: I’m the CTO of the company that built it.) We’re one of the better-known OpenID providers, and unlike the other OpenID providers, we actually have a way of making money.

[Image: username and password automatically filled in by our password manager]

The big problem with OpenID today is that far fewer than 20,000 sites allow you to log in using OpenID. Which brings us to the other neat thing about myVidoop–we provide a cross-platform browser plug-in that manages your usernames and passwords as you cruise around the web. This enables you to sign in once when you open your web browser, and then we take care of signing you in to the other sites that you visit, whether OpenID-enabled or not. (Oh, and we also use a fun alternative to passwords for signing you in to the myVidoop site, so it can literally make your life almost password-free.)

I’d be thrilled if you’d give myVidoop and our password management plug-in a try and give us your frankest feedback over on GetSatisfaction.

Finally, for the benefit of the web site owners in the audience, I’ll mention an experimental Vidoop project called Email to ID. If you have a web site that would be using OpenID if only most users already had one, Email to ID is your solution. Email to ID gives every user an OpenID, and the authentication mechanism is their email. (As strange as that sounds, that’s the way things already work, only less conveniently–you can reset pretty much any of your passwords by simply requesting an email, so we just made the security dependency on your email box explicit.) You can find some more detailed analysis of Email to ID at Silicon Florist.
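
To make the "email box is the authenticator" idea concrete, here is an added sketch of a mailed sign-in token that is signed, short-lived and single-use. It is not Vidoop's code, and the page does not describe how Email to ID works internally; the function names, the 10-minute lifetime and the in-memory replay cache are all assumptions chosen for illustration.

```python
import base64, hashlib, hmac, secrets, time

SECRET_KEY = secrets.token_bytes(32)  # per-deployment signing key (assumption)
TOKEN_TTL = 600                       # seconds a mailed link stays valid (assumption)
_used_nonces = set()                  # replay cache; a real site needs a shared store

def _sign(payload):
    """HMAC-SHA256 over the payload, URL-safe base64 without padding."""
    mac = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def issue_token(email, now=None):
    """Build the token that would be mailed to `email` inside a sign-in link."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)  # makes every link unique and single-use
    addr = base64.urlsafe_b64encode(email.strip().lower().encode()).decode()
    payload = f"{addr}.{issued}.{nonce}"
    return f"{payload}.{_sign(payload)}"

def verify_token(token, now=None):
    """Return the proven address, or None if forged, expired or replayed."""
    now = time.time() if now is None else now
    try:
        addr, issued, nonce, sig = token.split(".")
        expected = _sign(f"{addr}.{issued}.{nonce}")
        # Constant-time comparison, done before any field is trusted.
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None
        age = now - int(issued)
        email = base64.urlsafe_b64decode(addr).decode()
    except (ValueError, UnicodeError):
        return None
    if age < 0 or age > TOKEN_TTL or nonce in _used_nonces:
        return None
    _used_nonces.add(nonce)  # burn the link so a leaked copy cannot be replayed
    return email
```

Whoever can read the mailbox within the lifetime can sign in, which is the same dependency a password-reset email already creates; the expiry and single-use checks only narrow the window.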


  1. Posted July 3, 2008 at 1:06 am | Permalink

    I think both OpenID and Vidoop are interesting ideas. Of course, they don’t solve the general problem of stupid security policies in general. And OpenID providers can impose rules that are just as silly as any random provider. But, I can switch OpenID providers to one that I like.

    Email to ID addresses one of the key flaws in OpenID — domains are techy while email addresses are for the masses. It could potentially make a big difference in adoption.

  2. Posted July 3, 2008 at 1:08 am | Permalink

    So glad to have you guys as part of the Portland tech community. You’re doing great work. And I simply can’t wait to see what the future holds.
