OpenID and Password Managers solve two different problems. Let’s have a look at OpenID and PassPack.
OpenID = public authentication
PassPack = private, secure storage
You can see right off the bat that these two technologies supply different, though very complimentary, services.
Granted, here at PassPack, we’re also releasing an auto-login tool (yes, it’s coming) that pushes us into the realm of authentication as well, though that’s not our primary function.
Actually, we’ll be introducing various new and exciting features that will push us into various different realms, but PassPack will always be private, secure storage at heart.
A Non-Ideal World
Alas, there will always be places OpenID can’t log you into. In fact, a major challenge facing OpenID is an excess of providers (folks that give you an OpenID, like AOL and WordPress) and a lack of consumers (sites that actually let you log in with OpenID).
All the logins and passwords for non-OpenID sites will still need to be kept secure. You can do that with PassPack.
Not Just for Passwords
There are an infinite amount of codes, registration numbers, software keys, frequent flyer miles, order numbers, confirmation codes, pins, etc that need to be safely stored and organized.
None of those things can be handled by OpenID.
However, all of those things can go into a PassPack account.
Security and Phishing
OpenID has no innate security. It was built to solve the problem of authentication, not security. For example, Phishing is a major problem for OpenID users, and providers are not required to use HTTPS (though most thankfully do).
Right now, a bunch of services are sprouting up around OpenID. That’s great news! But just remember, it’s up to these services to build security layers on top of OpenID. So choose your OpenID provider wisely - make sure they offer HTTPS and some sort of anti-phishing mechanism. MyOpenId is a viable option.
Starting All Over Again - Multiple OpenIDs
OpenID aims to reduce the problem of “too many logins”. Fabulous! …um … but … I already have more than one OpenID. I now need to remember (and protect) these too.
Guess where my multiple OpenID’s went? Yup, straight into my PassPack account. Just tag them “openid” and they’ll be easy to find.
Will PassPack Ever Support OpenID?
Yes. Signing in with an OpenID has been in the pipeline for a while now, and will be added in one of the upcoming releases. I know, I know… I can hear your thoughts right now:
“You just said how unsecure OpenID is, and now you say you’ll support it?”
Yes, remember - it’s up to services that use OpenID to build in security layers. PassPack can do that. It’s got anti-phishing built in already and, thanks to the Packing Key, should your OpenID account ever be compromised, the pack inside your PassPack account would still be locked up with your Packing Key.
Now the Million Dollar Question…
How many of you would actually want to sign into your PassPack account with OpenID? And how many of you that don’t already have a PassPack account would sign up for one if there was OpenID support?
What you say counts . especially when we sit down to review the release schedule. So speak up - post a comment, or write me.
Technorati Tags: PassPack, password manager, passwords, security, lifehack, openid, login
10 Comments
I certainly would sign in to PassPack using OpenID. Would be great. :)
I would be interested in it, but it’s not a deal maker or breaker. I’d actually like to see PassPack be an (optional, of course) OpenID provider. Let me link it to my blog as many providers do, so I can use that URL as my identity, but when I go to log in via OpenID let me log into PassPack with all it’s anti-phishing and security goodness! I’m already trusting PassPack with a lot of secure information, making it an OpenID provider makes sense to me. As far as logging in…I like the Packing Key scheme in place now; what would change in that process?
Hi David,
The OpenID login would replace the User ID/Pass login. You’d still need to insert the Packing Key though - that can’t be skipped. Ever.
Thanks for the feedback :)
Tara
That makes sense. Doesn’t seem more or less secure, just more convenient.
Hi David,
Yes, it’s more convenient for folks who use OpenID and would like to use it as often as possible.
On security, the data is still protected by your Packing Key. However it becomes very important that your OpenID provider offers anti-phishing protection. PassPack’s anti-phishing protects you on PassPack.com, but can’t guarantee for whatever OpenID provider you may be using.
With PassPack’s one click login, an OpenID authentication method would be amazing.
I would login to PassPack with my open id, and then one click login to every other site.
Is there any ETA on this functionality being included?
@Rmblr
No ETA. We had it planned for the Beta5 release, but have since been rethinking our scheduling.
It will be implemented though, and I’ll announce it on the blog once we have a full schedule.
Thanks for spurring us on though.
Cheers!
very interesting, but I don’t agree with you
Idetrorce
This is so great to hear! “How many of you would actually want to sign into your PassPack account with OpenID?” ME ME ME ME
I use both daily and they could really fit well together, cant wait for the new release :)
@tom
Ok - it’s coming…
2 Trackbacks/Pingbacks
[...] trying out is PassPack.com: here’s why Passpack’s founder thinks her solution is significantly different from OpenID. Ican tell you it’s a hell of a pain to log in to PassPack - I guess [...]
[...] 6 version is laying the groundwork for some very important changes, like sharing, being able to accept OpenID (both tricky in Host-Proof Hosting) and even getting that pesky Mobile version to work. So [...]
Post a Comment