Yahoo’s Browser Based Authentication

I was too slow.

Two weeks ago I was actually contemplating web authentication systems, and it occurred to me that it would be really nice if I could just use my Google account and password to authenticate to a site of my own design. I thought it over for a little while, though, and a lot of problems presented themselves.

For example, to use this in a general sense, people would need to trust that you were not just logging their Google account name and password — there would have to be an official Google API for such a thing, in other words. Otherwise, no one would feel comfortable using it.

I tossed it around a little more, and at one point I really thought about writing something down and sending it to Google to see if they would ever consider doing something like this.

But, like many ideas, it has just sat there for the last few weeks since I had it.

Now it appears that Yahoo has implemented a system exactly like this — so I suppose that should at least validate that it was a good idea.

The basic idea is that you can set up your web application so that people can log in with their Yahoo ID — so you instantly have a huge pool of potential users who will not even need to register to use your site; they can just log in using an ID and password they already have.

There are some definite plusses to this: not only the instant pool of potential users, without the barrier of a registration process, but also probable positive brand identification for your web app by association with Yahoo’s established brand.

On the other hand there are some possible problems:

  • Security, and trust: will the login be secure, and will the users trust that their information is not being logged?
  • Keeping user statistics: will the web app owner have access to a list of “users” — that is, people who have actually logged in and used the site? The advantage of rolling your own solution for user authentication is that you have the complete database of users — potentially, your most valuable asset.
  • Possible brand confusion, or even negative brand association. As much as it could be a positive to be associated with Yahoo (or Google, should they implement a similar program), it could have negative connotations as well. People could erroneously assume that your site is part of or owned by Yahoo. Also, there may be people who dislike the brand you’re associated with. If someone has had a negative experience with Yahoo, you don’t want this to be transferred to your new startup.

I expect that the security problems can be and will be solved — most likely Yahoo is confident that they have solved them, or they would not be offering the service. I’m looking forward to seeing how people use this, and whether or not Google does introduce something similar.

And if nothing else, at least I feel like I had a good idea — even if I did nothing with it. ;-)
