WIRED:Your log-ins are a vital part of your being. Be careful exactly how you manage them, writes DANNY O'BRIEN
HOW MANY log-ins do you have on different websites these days? I’m probably a bit excessive in how quickly I’ll sign up for some strange service, but I have over 600.
I know this, because I ended up entrusting all those log-ins to “1Password”, a password manager for the Mac that remembers and fills the passwords. You might use the built-in form-rememberer in your browser, or just use the same log-in and password for all of your sites. That last one is a bit of a bad idea – websites have been known to be cracked for their users’ passwords, which are then used to hijack accounts on other services, but I honestly can’t blame you.
Managing your multiple internet identities is a demanding affair.
Which is probably why so many people are handing over that responsibility to mega-sites like Facebook or Google. New websites often offer the chance for you to register, not by painstakingly entering all your personal details once again, but just by giving your Facebook log-in. The site lets Facebook do all the account management, and just checks to make sure you’re already logged in to the social networking site when it’s time to log you into their third-party site.
That’s a pretty creepy solution though: Facebook now knows not only who your friends are, and what you’re doing when you log into Facebook. It also knows when you’re logged in to completely independent sites.
And, of course, those third-parties are enormously beholden to Facebook. It’s almost like they’re borrowing a list of users, rather than fully in control. And the last person who really has the control in this case is you.
Even creepier, I feel, are the other groups sniffing around this space. When they talk about “identity management”, governments, credit companies and mobile network operators have far loftier aims for their universal plans than just keeping track of your dating or music sites. What they intend is to control a single log-in for everything from your medical data to your bank accounts to your tax records. Put like that, an identity-management system run by the government seems to make some sense: it’s just an ID card or a passport writ large.
That’s okay if you trust your government not to misuse that data or implement it incompetently. But your mobile phone provider? Or those famously consumer-friendly credit record companies?
We may be willing to sacrifice some privacy for convenience, or some freedom for security. The past few decades of understanding the need to keep a password to yourself surely means most of us have a sense that we do not want to pass such secrets on to just anyone.
Really, the optimum solution is something like 1Password, where my details are kept locally, and I have full control, yet without all that tedious messing around with different passwords for a bazillion accounts.
My guess is that the real successes in this identity management space will be neither the state, credit companies or Facebook. Governments have been grinding over the possibilities of a single log-in for almost a decade and have managed to do nothing useful. Facebook has been making a concerted effort to expand its social empire into a universal identity, but at this point any other company with the correct amount of paranoia will be far too suspicious of the networking giant to cede power to them.
Credit card companies and telcos have a chance. But the fast-moving, hyper-competitive market with a potential reach in this space are the smartphone manufacturers and their software providers: Apple, Google, Microsoft, Nokia and so on.
It makes perfect sense for me to roll up all my log-ins on to my phone. I keep a lot of private info in there, but like a wallet, I keep it on my person, and I don’t share it with anyone. If there was a way to spill the information I store there back on to my computer or tablet, it would be the perfect place to cache my many log-ins.
The next generation of smartphones will have that kind of PC/phone integration – in fact, many people are already using phones as the equivalent to the handheld fobs that some banks offer for account verification.
Everyone else wanting to get into this space will fight this development tooth and nail.
Governments will be frustrated to lose another opportunity for bureaucratic simplicity; credit card companies, Facebook and other also-rans will scrabble to bring forward their plans or co-opt those of the smartphone manufacturers.
But in the end, my guess is that a phone and my identity are a good fit. Phones these days have an almost totemic personal connection with their owners. I own my phone and I own my identity. I’m not going to lend out either to strangers who want to use them for their own ends, no matter what convenience that provides.
I could be wrong, but this may well be the point where we start taking back all that information we’ve been trusting to others, and start keeping it where it should stay: literally, in our own hands.