Very recently, open IDs seem to be the hot topic. As the new web evolves and the Internet becomes more decentralized and democratized, such a system was inevitable. It has simply taken longer than many experts predicted. In any case, it is starting to make a strong case, as Internet giants AOL and Yahoo are implementing the framework.
Once again, this may be a great time to tap the old user-edited encyclopedia for a definition. Wikipedia defines OpenID as “a decentralized system to verify one’s online identity”. A pretty simple definition for a fairly complicated system and concept.
All is fine and dandy right? Not quite. With every new successful trend or system, there is a downside. Cyber-criminals and malicious Internet users are just salivating at the future possibilities.
If only one log-in and password is needed for all sites, access is not only easy for the user, but also for the criminal should he/she be able to attain such information. Immediately, the thief would have access to all sites which use the OpenID format. The potential consequences for the user are astronomical. Credit card numbers, personal information, bank records, and other information-sensitive documents could quicky and easily be stolen and leveraged in mischievous ways.
In the current state of the net, users acquire different user names and passwords for each individual social network, photo/video site, e-mail account, etc… Although this is more complicated and time-intensive, it hedges the user’s bets should a criminal acquire the leaked log-in information and credentials.
I don’t believe I need to go into fine or further details about the potential wrong-doings and mishaps that could arise if the informatin reaches the wrong hands. The point is simple though. The easier and more functional across different platforms for the user, the same goes for the criminal. The biggest strength of the system is also its ultimate demise. Protective barriers and safeguards will need to be implemented on some level to prevent an information crisis. How this will be accomplished is beyond me. But I’m no security expert.