The Password Is … Confusion

Web users do not get loaded down with packages when they go from site to site, but they do lug some baggage in the form of passwords. Commerce and content sites increasingly ask visitors to log in with a password, taxing the memories of those who frequent multiple sites.

Unless they use the same password at all sites — which is not always possible — forgetful users must choose yet another password to replace the lost one, or they must ask the site to send an e-mail reminder.

“One of the biggest hindrances to e-commerce is that people don’t want to fill in their passwords, addresses and other information over and over again,” Aberdeen research director Kent Allen told the E-Commerce Times.

Several companies are devising secure alternatives to these time-wasting methods, allowing users to store passwords and other personal information in one central place for use throughout the Web. But experts told the E-Commerce Times that key issues must be resolved before full relief is in sight, most of them relating to competing technologies and old-fashioned corporate turf battles.

Passport Out in Front

The highest-profile service is Passport from Microsoft (Nasdaq: MSFT), designed to let users log on to numerous Web sites and enter personal information with a single sign-on.

Passport, which Microsoft said has 200 million users worldwide, is an integral part of the company’s new XP operating system and of its long-term .NET strategy to corral Web users into its services.

So far, Microsoft’s sheer size has helped it fend off competitors. Allen said several “e-wallet” services — such as Gator, which claims 10 million users — have met with limited success, in part because they require users to accept pop-up advertising pitches in exchange for free access.

As Web use steadily rises, demand for single sign-on services is growing.Critics contend, however, that Passport is prone to security and service glitches, and competitors as well as online merchants are concerned about one company garnering too much control over the Internet.

“The problem that people have with Passport is that it’s a closed environment,” Rob Lancaster, an Internet strategies analyst with the Yankee Group, told the E-Commerce Times. “Nobody wants Microsoft tohave exclusive access to all those customers.”

Competitive Fray

Several major players are pushing their own alternatives. AOL, for instance, has its Magic Carpet service for sign-ons.

Lancaster said many large companies prefer authentication systems that serve vertical markets, giving users common access to the sites of companies in the same industry. For example, Bank of America uses a sign-in service called Yodlee in conjunction with its partner sites.

Sun Microsystems has reconfigured its iPlanet Directory Server software to streamline the log-on and authentication processes on e-business sites.

Sun, in fact, is among the leaders of the Liberty Alliance, a group of 34 companies pushing for a common ID standard based on an open architecture not controlled by one entity. The alliance includes AOL Time Warner, EBay, RealNetworks and Sony as well as several non-tech corporate giants, such as General Motors, American Express and United Airlines.

Compromise Likely

With that much corporate opposition, Lancaster said it is unlikely that Microsoft can maintain a monopoly over sign-in services — or that it would even want to do so.

“It’s not in Microsoft’s best interests to have all that information controlled by Microsoft,” he added, noting that the company risks becoming isolated if it alienates too many merchants.

Lancaster said there likely will be a compromise reached, possibly by letting Microsoft join the Liberty Alliance to form a common standard, although that probably will not happen quickly, according to industry observers.

In-House Solutions

In the meantime, experts say Web visitors can take comfort in the fact that companies have found effective ways to handle their in-house problems caused by too many passwords.

Craig Roth, senior program director at Meta Group, said businesses already are using a number of effective single sign-on programs on their corporate intranets and other internal systems. These programs were developed by such companies as Netegrity, enCommerce, Axent and Securant.

“This was a problem for the corporate world long before it was for consumers,” Roth said. “Something will be worked out eventually.”

1 Comment

  • All the high-profile initiatives to develop universal authentication platforms by players such as AOL with its Magic Carpet initiative, Microsoft with its .Net My Services initiative and the Liberty Alliance initiative started by Sun, do face significant challenges in terms of establishing consumer trust in their technology solutions. However, they may face even greater challenges regarding business interoperability within online identity and authentication “federations.” It’s a delicate balance between giving consumers what they want, a simple and secure single sign-on solution, and establishing a system that accommodates business interoperability and competition issues.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

LinuxInsider Channels