Tuesday, September 28, 2010

Trust and credential management: MyOpenID

I've been preoccupied lately with credential (un/password) management. I think the geek community has gotten confused by identity management isseus. We need to start with credential management, then associate identities (avatars, facets, personae, etc) with credentials.

I like my four un/pw proposa1 + one major password. So I wondered if anyone was going to do it.

That made me think again about MyOpenID, and what I wrote about Simplenote. I love Simplenote, but there are security risks to trusting them with a large volume of private information.

How much greater then, is the risk of trusting one's most precious credentials to MyOpenID.  What business model do they have? Why don't they already provide the approach I'm advocating? Should I be concerned that the MyOpenID blog link goes to a blog that never mentions the service?

To their credit MyOpenID provides an easy to find and use account deletion process. I have deleted my account. It just doesn't make sense to make a company that might vanish at any time a major holder of my digital identity.

See also:

No comments: