Can OpenID Replace a Password Manager?

OpenID and Password Managers solve two different problems. Let’s have a look at OpenID and PassPack.

OpenID = public authentication
PassPack = private, secure storage

You can see right off the bat that these two technologies supply different, though very complimentary, services.

Granted, here at PassPack, we’re also releasing an auto-login tool (yes, it’s coming) that pushes us into the realm of authentication as well, though that’s not our primary function.

Actually, we’ll be introducing various new and exciting features that will push us into various different realms, but PassPack will always be private, secure storage at heart.

A Non-Ideal World

Alas, there will always be places OpenID can’t log you into. In fact, a major challenge facing OpenID is an excess of providers (folks that give you an OpenID, like AOL and WordPress) and a lack of consumers (sites that actually let you log in with OpenID).

All the logins and passwords for non-OpenID sites will still need to be kept secure. You can do that with PassPack.

Not Just for Passwords

There are an infinite amount of codes, registration numbers, software keys, frequent flyer miles, order numbers, confirmation codes, pins, etc that need to be safely stored and organized.

None of those things can be handled by OpenID.

However, all of those things can go into a PassPack account.

Security and Phishing

OpenID has no innate security. It was built to solve the problem of authentication, not security. For example, Phishing is a major problem for OpenID users, and providers are not required to use HTTPS (though most thankfully do).

Right now, a bunch of services are sprouting up around OpenID. That’s great news! But just remember, it’s up to these services to build security layers on top of OpenID. So choose your OpenID provider wisely – make sure they offer HTTPS and some sort of anti-phishing mechanism. MyOpenId is a viable option.

Starting All Over Again – Multiple OpenIDs

OpenID aims to reduce the problem of “too many logins”. Fabulous! …um … but … I already have more than one OpenID. I now need to remember (and protect) these too.

Guess where my multiple OpenID’s went? Yup, straight into my PassPack account. Just tag them “openid” and they’ll be easy to find.

Will PassPack Ever Support OpenID?

Yes. Signing in with an OpenID has been in the pipeline for a while now, and will be added in one of the upcoming releases. I know, I know… I can hear your thoughts right now:

“You just said how unsecure OpenID is, and now you say you’ll support it?”

Yes, remember – it’s up to services that use OpenID to build in security layers. PassPack can do that. It’s got anti-phishing built in already and, thanks to the Packing Key, should your OpenID account ever be compromised, the pack inside your PassPack account would still be locked up with your Packing Key.

Now the Million Dollar Question…

How many of you would actually want to sign into your PassPack account with OpenID? And how many of you that don’t already have a PassPack account would sign up for one if there was OpenID support?

What you say counts . especially when we sit down to review the release schedule. So speak up – post a comment, or write me.

Technorati Tags: , , , , , ,


13 responses to “Can OpenID Replace a Password Manager?

  1. I certainly would sign in to PassPack using OpenID. Would be great. :)

  2. I would be interested in it, but it’s not a deal maker or breaker. I’d actually like to see PassPack be an (optional, of course) OpenID provider. Let me link it to my blog as many providers do, so I can use that URL as my identity, but when I go to log in via OpenID let me log into PassPack with all it’s anti-phishing and security goodness! I’m already trusting PassPack with a lot of secure information, making it an OpenID provider makes sense to me. As far as logging in…I like the Packing Key scheme in place now; what would change in that process?

  3. Hi David,
    The OpenID login would replace the User ID/Pass login. You’d still need to insert the Packing Key though – that can’t be skipped. Ever.

    Thanks for the feedback :)

  4. That makes sense. Doesn’t seem more or less secure, just more convenient.

  5. Hi David,
    Yes, it’s more convenient for folks who use OpenID and would like to use it as often as possible.

    On security, the data is still protected by your Packing Key. However it becomes very important that your OpenID provider offers anti-phishing protection. PassPack’s anti-phishing protects you on, but can’t guarantee for whatever OpenID provider you may be using.

  6. With PassPack’s one click login, an OpenID authentication method would be amazing.

    I would login to PassPack with my open id, and then one click login to every other site.

    Is there any ETA on this functionality being included?

  7. @Rmblr
    No ETA. We had it planned for the Beta5 release, but have since been rethinking our scheduling.

    It will be implemented though, and I’ll announce it on the blog once we have a full schedule.

    Thanks for spurring us on though.

  8. Idetrorce

    very interesting, but I don’t agree with you

  9. Pingback: How to Navigate the Password Jungle| Zoli’s Blog

  10. Pingback: Beta 6: A Bridge to “Better” « PassPack Blog

  11. This is so great to hear! “How many of you would actually want to sign into your PassPack account with OpenID?” ME ME ME ME
    I use both daily and they could really fit well together, cant wait for the new release :)

  12. @tom
    Ok – it’s coming…

  13. An outstanding share! I’ve just forwarded this onto a colleague who was conducting a
    little research on this. And he actually bought me breakfast simply because
    I stumbled upon it for him… lol. So let me reword this….

    Thanks for the meal!! But yeah, thanks for
    spending some time to discuss this issue here on your
    web site.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s