yeah unfortunatly

both yahoo and blogger have just become openid providers

they do not seem to have any plans to let their users move grom id/password on their own sites to openid

{openid only recieves real support from sites allowing login credentials to be associated with an openid {or even a few} thus giving the users the choice to only have to remember the one set of credentials for all sites they use openid instead of username / passwoed}

more openid providers are not really needed, and yahoo's encoraging of people to use a login with yahoo on their sites runs contrary to the entire point of openid

haha

I just never! get tired! of these headlines!

Microsoft

Well, they did try this and it didn't work.

I think the reason was more a lack of trust of Microsoft than anything technical. So, Yahoo! may be more successful, but I suspect there is likely to be some ingrained mistrust of having passwords stored on the web in one place.

People, especially in the UK now, are much more aware of data loss than they were before HMRC decided to throw it all away. How many companies publish their mistakes? None? How often is it the result of a press leak that we find out about data losses? Every time? Most of teh time?

With passwords, if they haven't got them, they can't lose them.

Provider or consumer

We really don't need more OpenID providers at this stage of the game. We need more sites that support it for log in. Now if Yahoo had announced that, we'd be cheering.

Note that OpenID and oAuth are on the roadmap for OpenSocial.

Now we can hack ALL your logins in one go!

Great idea! Let's make it easy for the hackers so that once they've hacked one of your logins, they'll have access to all of them. Whoever thought that one up ought to be shot!

Does this mean...

...that El Reg could follow suit soon? Pretty please?

Sounds kinda like

a social security number for the internet. By making it "easier" for people to have one ID (login) for just about everything, will make it easier to track users across the net. What happens if a slightly under secured site has its user ID's hacked? Or is it going to make it easier for the powers that be to keep a handle on everyone? What will this do for online privacy?

Whatever happened to the concept of changing your passwords often or using different ones in case your online account gets hijacked? I see trouble brewing.

Oh! My! God!

Now, this reminds of something the UK government intends to do.

And it has the same dificencies: it provides a single portal for any security loopholes to be exploited. Woohoo. At least it may be marginally more secure than something the UK government implements...but that's not very difficult.

Paris, cos I haven't used her as an icon yet.

@Alan Doherty

What's wrong with more OpenID providers? If you are really paranoid you'd implement your own provider on your own server and create one account. That way you've got nigh on full control and can shut down access to all your online accounts automatically. Would there be anything wrong if every single person in the world implemented their own provider and used that? It's not worth the effort for 99.999% of people but, genuinely, what's wrong with it?

Passpot paspoirt

something like that we didn't use it because no one trusted MS (fairly well reasoned I think). This seems to decrease your safety while probably only very slightly lowering the number of passwords you use hell if you wanted to you could use the same username and password for all logins yes of course I know this differs in that there is only one repository of your details but I don't see it as being all that secure since they will need to send authentication details in some way across domains making spoofing easier.

Where's the problem?

At the moment this looks like nothing more than an easy way to make up fake details for staying anonymous on forums and blog posting etc. I've just signed up to one with a fake email account (the only proof of who I am I needed to give) and I can now easily troll message board without having to fill in registration forms and validate my email account every time.

Sweet! I just signed into LiveJournal with my OpenID account - it only took five seconds!

@joe

With OpenID 2.0's directed identity mode, it is possible for the OpenID Provider to choose the identity URL sent back in the response.

This would make it possible for an OP to give a user a different identity URL for each Relying Party that they visit. Provided that these different identity URLs can't be correlated (i.e. they don't contain a common user identifying section, and there are multiple users on the same OP), RPs shouldn't be able to correlate your profile by identity URL.

Now while this is possible, I don't know whether many OPs that provide this sort of service. As Yahoo is only supporting OpenID 2.0 they would be in a position to do so, but you'd need to check first.

Still using Username & Password?

Come on folks.

The hallowed pages of our Register have already hosted articles on alternative, mush stronger methods of authentication - GrIDsure for example.

Why start off trying to make life easier & safer, then not do the homework? Fixed passwords & PINs are finished, they are dinosaurs. We are on the slope towards the second decade of the 21st Century, lets use something better. Even Paris could work that out.