Yahoo, OpenID and the Identity Problem | February 19, 2007

I’ve been using Flickr for a couple of years and joined before they were bought by Yahoo! As such, I’ve always logged into my account using my “old school” username and password. When Yahoo! acquired flickr, they obviously wanted to promote the service to their existing user base, so allowed people to log in with a Yahoo! account as well.

Over the ensuing months, the Yahoo! account was promoted as the primary way of using flickr and the “old school” log-in was demoted to a small link at the bottom of the page. I had hoped that the “old school” log in would be retained as I didn’t really want to register for a Yahoo! account. I’m not sure why. It may have been that I liked the anonymity of having multiple, unlinked accounts or it simply may have been that I didn’t use any other Yahoo! services at the time and didn’t see then need for a centralised log-in. It may also have had something to do with an innate geek mistrust of large organisations controlling my online identity a la Microsoft Passport. Whatever the reason I resisted the urge.

A few weeks ago flickr informed me that they were phasing out the old school accounts and requiring their users to log-in using a Yahoo! account instead. I can understand the reason for this. After all, what organisation wants to manage multiple log-in types when they can have a single log-in for their whole portfolio of sites. More importantly, identity management and unified log-in are going to be a big battleground over the next few years.

If you control a persons identity online, you can really influence the services they consume. For instance, if I have a Yahoo! log-in, but not a Microsoft one, there is much more chance that I’ll consume Yahoo! products rather than being forced to create a whole new identity. This is especially true if my identity includes information like my network of friends, as it means I don’t have to recreate this information every time I sign up for a new service. The more concerning side is that it also allows companies to track my behaviour across a variety of online properties much like the company loyalty cards I dislike so much.

So slightly against my better judgement, I signed up for a Yahoo! ID. Rather annoyingly my preferred account name of “andybudd” had already been taken. Admittedly it may have already been taken by me, but going through the password retrieval process I was unable to find an account that matched. I also tried “theandybudd” but that was gone as well. I ended up with “andybudd72” which was really annoying as it meant I was forced to ditch my familiar flickr log-in for a much less familiar one.

I’ve currently got five or six usernames on various sites that all relate to a single person: me. This causes a bit of an identity problem. If I owned the username “andybudd” on every new site, you would know that the user who posted pictures on flickr was the same Andy Budd who posted messages on twitter or messages to your blog. Without this central control of identity, you can assume that it’s the same person, but it could equally be another Andy Budd or even somebody username squatting. On a more prosaic level, it also means I have to remember a bunch of different usernames, their associated passwords, and what sites they relate to. This is a bit of a pain.

While at BarCampLondon2 yesterday (which was excellent btw) I sat in on Simon Willison’s session on OpenID. I saw his presentation on the subject last year, and thought it looked like an interesting concept. However it didn’t seem like many sites were using the technology at the time. Fast forward a few months and it seems like a lot more sites have started using it, so during the session I set up an account and then tried a couple of sites like magnolia. This was cool, but the real kicker for me was IDProxy, a service Simon created to allow you to use your Yahoo! account as an OpenID. By adding a couple of links to the head of your web page, you can now log in to a variety of sites using only your domain name, taking us a big step closer to solving the identity problem.

Posted at February 19, 2007 1:45 PM

Comments

James John Malcolm (AkaXakA) said on February 19, 2007 5:35 PM

While OpenID is interesting, the inherent Phishing issues make me think (wide, wide spread use) is a pipe-dream.

Which makes AOL’s decision to open up to OpenID even more interesting…

pauldwaite said on February 19, 2007 7:31 PM

Simon Willison has been discussing all the issues around OpenID, including phishing, on his blog. It’s well worth a look.

I’m not sure OpenID is significantly more vulnerable to phishing than any other service.

James John Malcolm (AkaXakA) said on February 19, 2007 8:40 PM

I’ve read that, and from it take that it’s inherently less secure, exactly because you can (potentially) use it everywhere.

masone said on February 19, 2007 8:51 PM

Haha I was annoyed by exactly the same things as you. I always logged in as “old school user” too, was put off by a yahoo ID and lastly got a stupid username like you.

OpenID sounds like an interesting solution!

Jeena Paradies said on February 19, 2007 9:13 PM

Since I use the new Yahoo! login, I am not able to login with Safari. Am I the only one?

Nate Koechley said on February 20, 2007 1:17 AM

“which was really annoying as it meant I was forced to ditch my familiar flickr log-in for a much less familiar one.”

Actually, though you sign in with your new Yahoo ID you can continue to be known as your original Flickr name on Flickr. As I understand it, nothing on Flickr will make you expose your new Yahoo ID.

You’re right though, Simon’s work on OpenID is outstanding and indicates a path to a better situation in the not-too-distant future.

Andreas Stephan said on February 20, 2007 11:08 AM

This is great to hear. Now more sites have to actually implement OpenID. But I think this is just the first step. We really need a system to fully accumulate all aspects of identity 2.0, including “friendship mapping” across multiple social networks in order to prevent getting locked up in closed gardens.

Stu said on February 20, 2007 11:19 AM

Your old flickr name will not be gone!! you’re yahoo id has nothing to do with it. dunno why you whine about loosing you flickr name.

Dave Child said on February 20, 2007 1:43 PM

I’ve also had to change to a Yahoo login and it’s been frustrating. I have a login already but don’t know the password. The retrieval system appears to be incapable of helping me. I have a Yahoo account but can’t access it.

So, I’ve had to set up a second one, with the username “dave.ilovejackdaniels”. Very irritating - I’d rather have just stuck with my old login.

Faruk Ates said on February 20, 2007 2:06 PM

Now you know why I came up with a nickname to use online rather than solely my real name ;-)

Aside from Youtube (which is making me curious as to why…), pretty much every “KuraFire” on the entire Web is me. I particularly love sites that let me have an account with a username but present myself with a Display name (which I use my real name for).

Tanny O'Haley said on February 20, 2007 4:29 PM

It’s not just the OpenID issue, but it’s also having to remember yet another user ID and password. When I started where I work there were over 23 different login systems, each with a different user ID and password and different change requirements. We thought that was a little excessive. After six years the CIO mandated the use of one system, now two and a half years later we have around seven which is still excessive.

So it’s not just OpenID, it’s yet another user ID and password I have to remember.

Shay said on February 20, 2007 4:48 PM

I appreciate this post immensely (especially the part about my ID and the password retrieval). I too struggled to transfer over to the Yahoo ID! in my Flickr account and was forced into a username I didn’t want. Though the process was simple, I felt that my Old Skool ID was what I wanted.

Here’s to still wishing I was Old Skool….

Andy Budd said on February 20, 2007 6:38 PM

For the sake of clarification, I understand that my flicker id remains the same. The problem is twofold. First I’m now stuck with a new username to remember. Second, it’s not my preferred username, and differs from my flickr id. So I’ll be andyb on flickr, andybudd on delicious and andybudd72 on any other Yahoo! service. I think stu, you confuse whining with discussing an interesting problem about identity on the internet. But then again, maybe that’s because you have no identity of your own?

Stu said on February 23, 2007 6:22 PM

Yeah, what a pity that I’m anonymous.