digg

Facebook Connect Join Digg About
See the original image at pcworld.com

Facebook Gives Major Boost to OpenID

pcworld.com Facebook has adopted the OpenID user-identity framework to simplify how people register for and log into the social networking site. It means that people will be able to sign into Facebook using their log-in credentials from Gmail. "This is a quicker, more streamlined way for new users to register for the site, find their friends....

Who dugg this? Made popular May 19, 2009

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

45 Comments

show profanity settings
expand all
  • mmittimm, on 05/19/2009, -5/+37I remember when facebook was cool... back before it became myspace. They should have stopped after they added photo functionality, now it's all just "OMG WHAT SEX AND THE CITY CHARACTER ARE YOU? I'M CHARLOTTE LOL!".
  • benologist, on 05/19/2009, -1/+12Wow it's about time. This is probably the biggest attempt by a huge website to actually be an openid *consumer* instead of them all competing to be your account to use everywhere else.

    They kind of over-stated the gmail association since Google is just one of many (including Yahoo, AIM) big openid providers. One of their editors must have thought it needed some more diggability. "MAKE IT ABOUT GMAIL TOO!".
  • inactive, on 09/13/2009, -1/+10The best part is now you can use myopenid with an ssl client cert to log in to facebook.
  • koan, on 05/19/2009, -0/+9It is a bit of a flaky implementation from what I can see.

    "Not a valid openid url" that is accepted anywhere else.
  • mattyx, on 05/20/2009, -1/+7That's my point. Thanks for stopping by.
  • BongWaterSmells, on 05/20/2009, -0/+4Two questions regarding OpenID
    1. If I register at a site using OpenID, will get access to info of what other sites I am registered with using my OpenID?
    2. If my OpenID is compromised, are all the sites linked to that OpenID compromised as well?
  • x713, on 05/19/2009, -0/+3I guess the benefit of using email addresses as a login is that anybody can have any username they want, since they are only identified by email. Otherwise, people will just be fighting for the usernames on the website, typical of email id's.
  • stufflebean, on 05/20/2009, -0/+3Dude, your tinfoil hat is showing.
  • reddyap1, on 05/19/2009, -0/+3I think using an e-mail is not bad because people usually stick to one e-mail when registering for sites. Also if this e-mail is for instance a g-mail account then it never changes and simplifies having to create a user name for each site.
  • pcpimpster, on 05/20/2009, -0/+3About time they realized the myspace & closed API model wasn't going to work.
  • Odaecom, on 05/19/2009, -3/+5More ways to exploit, for fun and profit!
  • mattyx, on 05/19/2009, -10/+12I don't know about you, but the reason I don't have a Facebook page isn't because it's too hard to register or because I can't remember another login credential. It's because it's a useless, time-wasting site that allows douchebags and ad-agencies to peer into my life. Being friends in "real life" is good enough for me.

    Just some feedback for the folks at Facebook.
  • N01SE, on 05/20/2009, -0/+2To put another way, if you're automatically logged into facebook if you are logged into gmail, and your gmail login info is comprised then so is your facebook.
  • Atomic1fire, on 05/20/2009, -1/+3I think the biggest issue is it requires a cookie on your computer,
    there is no way to directly login to facebook using your ID yet,
    it automatically logs you in, (because of the cookie of course) sure, but if you clear your cookies, you cant really just login to google, click use openid, and click google.
    you have to have the cookie in place, login to gmail, and then goto facebook.com
  • zenjabba, on 05/20/2009, -0/+2Wow, somebody else who understand federated identity!
  • cosmicv, on 05/20/2009, -0/+1Funny, I read this about an hour after I discovered this exact thing myself :)
  • inactive, on 05/20/2009, -0/+1Yeah, you didn't understand what I wrote. You're also not understanding how OpenID works. With OpenID, you only have login info for the OpenID provider and they are the only one who gets that info.

    If someone gains access to your email account, they can access your other accounts in the same way they'd be able to if they gained access to your OpenID provider login info. So OpenID is no worse in that respect.

    Hopefully this helps you understand me better.

    PS- Some OpenID providers, such as VeriSignLabs PIP, support multifactor authentication which makes them *more* secure than your email account.
  • GavinZac, on 05/21/2009, -0/+11. No
    2. Yes, but there is actually increased security because rather than having accounts scattered absolutely everywhere that can individually be compromised (and cause a domino effect - common passwords, data gathering and so on makes it much easier to crack them all once you've cracked one), you are, in the best sense of the phrase, putting all your eggs in one basket. You choose 1 provider that you trust, or even set up your own provider (takes about 5 minutes with Wordpress), and rely on that to be extra secure. A better analogy would be that you keep all your possessions at home; it means one break in or fire and you're screwed, but it is definitely more secure than carry stuff around with you and leaving them places.
  • synotic, on 05/21/2009, -0/+1I think that the reason they use e-mails is so that they can provide a "good-enough" authentication to prove that you belong to certain networks. Like a school network or work network. Another reason they probably don't use usernames is that they would largely be useless on a site like Facebook, where you use (or are supposed to use) your real name. It seems silly to force things like username collisions on users when they're not even going to be used.

    I don't have any data to back this up, but I'm also guessing that sites that use usernames have a much larger percentage of users with multiple accounts since you're not going to remember the answer to that fake security question you wrote earlier. Just another reason they might want to avoid them.
  • lordkenthegreat, on 05/20/2009, -0/+1The major question: How does one actually log in?

    I'm logged out of Facebook, but still logged into MyOpenID. I don't see a way to log in with my OpenID.
  • rmxz, on 05/20/2009, -0/+1I like email addresses as accounts since
    1. It makes "reset my password" easy.
    2. It makes it easy for me to have multiple accounts on a site (since I have multiple email addresses).
  • rebrad, on 05/20/2009, -0/+1Exactly, this is nothing but a spammers field day where they won't even have to work to get their victims.
  • Atomic1fire, on 05/20/2009, -0/+1Windows live will eventually add support.
  • Atomic1fire, on 05/20/2009, -0/+1You can link your current account with your openid, (or ID's)
    though you can only link one account from one provider with your facebook account (which means no support for multiple google users, unless they have their google ID figured out)
  • sickthoughts, on 05/20/2009, -1/+2Websites supporting OpenID cannot interfere with your OpenID, so it doesn't matter if they are compromised.

    You just have to look out for phishing, bruteforcing and eavesdropping.
  • Atomic1fire, on 05/20/2009, -0/+1You hook up your ID, (in your facebook accounts settings area, under linked accounts)
    (don't clear cookies)
    Login to myopenid
    goto facebook.com while still logged in to myopenid
    facebook scans cookie, sends request to your provider, and then BAM, logged in
  • N01SE, on 05/20/2009, -1/+2An email account involves the email address AND a password, "forgot your password" usually sends an email containing your password. So unless you know the email address AND pass you won't be able to access the email.
  • Atomic1fire, on 05/20/2009, -0/+1If anything, it will be required for citizenship and medical information, in the name of convienence and safety,
    I seriously doubt people would just use microchips for social interests, plus with that killer chip out (some guy tried for a patent for a microchip that could contain poison that could be released remotely, aka, death by remote control), that raises more concerns, like unwanted population control, or someone using it to kill massive amounts of people remotely.
    I don't think people will give up that much privacy that quickly, even if some stupid politician comes up with the idea.
  • BongWaterSmells, on 05/20/2009, -2/+2Hah... "real life" friends
    Tell your buddies in WoW that I said hi
  • zenjabba, on 05/20/2009, -1/+1.
  • ssweiti, on 05/20/2009, -1/+1It looks like Google is slowly becoming Big Brother, we're being watched!
  • poprocksandsoda, on 05/20/2009, -1/+1The real reason they use federated IDs is to drive traffic to each other and share stats. I can't think of a good reason to fall into that trap.
  • Atomic1fire, on 05/20/2009, -1/+1unless your cookies are cleared,
    ultimately, if you don't want people accessing your information, protect the information on your computer.
  • bloodwings, on 05/20/2009, -1/+1If Microsoft would use OpenID for MSN, my life would be complete.
  • ps3beast, on 05/20/2009, -2/+1What is the point of this? A lot of us (probably most, but I can't assume) already have Facebook accounts. Unless Facebook can do something that can integrate existing accounts with OpenID, not many people are going to use it.
  • inactive, on 05/20/2009, -2/+1If anyone were to gain control of your email address, they could do the same thing using "Forgot Your Password?" links. Or, you might be using the same password on multiple sites.

    Only your OpenID provider gets your login info, so you just have to choose a secure OpenID provider whom you trust. You could even be your own OpenID provider.
  • sickthoughts, on 05/20/2009, -3/+2Tupac
  • N01SE, on 05/20/2009, -5/+3OpenID is one id, one login and identifier for every site, that's the idea. And of course my first concern is that anyone who gains control of your OpenID (that was a bad choice of name) now can log on to all the websites you use it for.

    I have separate logins for multiple websites for a reason, if someone's security sucks and my info is leaked, I don't have to worry about my other accounts since they are totally independent from each other.
  • phydeaux70, on 05/19/2009, -5/+3Sounds like another idea, much like Federated Identity, that probably won't take off because of leagal issues. A Social networking site is one thing, private information is another.
  • palmer, on 05/19/2009, -5/+2Anything that brings a real user ID to amateur-hour sites that are currently E-mail addresses as IDs is a step forward.

    Trying to use an E-mail address as a user ID is just dumb. We all have multiple addresses at this point, and who knows which one we might have used months or years ago to sign up for some site? For many people, addresses also change over time, with employment, ISP changes, whatever.

    If you're going to have people log into your site, you need to let them set up a legitimate ID. Period.
  • LeviTheSmith, on 05/19/2009, -6/+2Tupac
  • Diggererupt, on 05/20/2009, -5/+1Fact is the 'Facebook' is just a 'tool' of the New world order ,to get us ready/relaxed for the coming 'Microchip Implants'....yeah,just chill guys :"your buddies just want to know all about you(4 friendship's sake of course!!!!!)
  • ctiedje, on 05/19/2009, -13/+6this is like WalMart dropping HD for Blu-Ray...sort of...not really...but...
  • inactive, on 05/19/2009, -10/+1all you have to remember is your ***** email address.
  • palmer, on 05/19/2009, -13/+4The Shift key: Try it.

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.