Every day at work I interact with a lot of different services, and they all keep my credentials in the form of a username and password. It would be nice if I could use the same credentials for all services, but as you probably know, I shouldn’t.
The reason becomes apparent every time credentials are stolen. Most people have the same password for the corporate email account, Facebook and the home router. A single password is never stronger than the weakest place where it is stored, and whoever steals it has easy access to all your online identities. That’s a huge problem!
What can we do to help you? We have prepared the application to accept trusted third-party identity providers, the same way we could previously trust the authentication done in your Active Directory when you logged on with your Windows credentials. We now ship with support for Salesforce and other vendors as well. We can even write custom extensions to leverage the identity provider you’re already using internally.
And the trend seems to be heading away from passwords for authentication. They’re simply too insecure. The most commonly used passwords are 123456 and ‘password’ in survey after survey. The iPhone is now equipped with fingerprint authentication that works seamlessly, and others are experimenting with other forms of biometrics.
Another approach used by some online services is to skip the password completely and rely only on sending a temporary link over email to authenticate. In many cases that is sufficient, as most users rely on the “forgot my password” recovery link anyway.
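The temporary-link approach described above only holds up if the link is unguessable, short-lived and usable once. The sketch below is an added example, not code from our application; the class name, the 15-minute lifetime, the in-memory store and the `app.example.test` host are all assumptions made for illustration.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

LINK_TTL_SECONDS = 15 * 60                    # assumed lifetime of a sign-in link
BASE_URL = "https://app.example.test/login"   # placeholder host, not a real service


class MagicLinkStore:
    """In-memory store for pending links; a real service would use its database."""

    def __init__(self, clock=time.time):
        self._pending = {}    # sha256(token) -> (email, expires_at)
        self._clock = clock   # injectable so expiry can be tested

    def issue(self, email):
        """Create a one-time sign-in link to be mailed to `email`."""
        token = secrets.token_urlsafe(32)     # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Store only the hash, so a leaked table cannot be replayed as links.
        self._pending[digest] = (email, self._clock() + LINK_TTL_SECONDS)
        return BASE_URL + "?" + urlencode({"token": token})

    def redeem(self, url):
        """Return the e-mail address the link authenticates, or None."""
        values = parse_qs(urlparse(url).query).get("token", [])
        if len(values) != 1:
            return None
        digest = hashlib.sha256(values[0].encode()).hexdigest()
        # pop() makes the link single-use: a second click finds nothing.
        entry = self._pending.pop(digest, None)
        if entry is None:
            return None
        email, expires_at = entry
        if self._clock() > expires_at:
            return None                       # expired links are rejected
        return email
```

The security of this scheme is the security of the user's mailbox, which is also true of any “forgot my password” link.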
Hopefully I will remember my password for the blog engine so I can post this.