on authentication protocols

Warning: What follows is a rant triggered by having to log into yet another site in order to carry out some simple task I do 50 times a day on a dozen different sites. It’s not me at my most thoughtful, and it may only make sense to people who care about Web site authentication.

How auth works now:

ME: I’d like to do X.
SITE: Who the hell are you?
ME: Didn’t I just tell you that?
SITE: Nope.
ME: OK, I’m [this guy].
SITE: What’s the password, [this guy]?
ME: Um, [this one]?
SITE: Nope.
ME: Um, [that one]?
SITE: Nope.
ME: Um, [the other one]?
SITE: Nope.
ME: OK, maybe I’m [that guy].
SITE: What’s the password, [that guy]?
ME: Um, [this one]?
SITE: Nope.
ME: Um, [that one]?
SITE: Nope.
ME: Um, [the other one]?
SITE: Welcome, [that guy]! What would you like to do?
ME: Heck if I can remember.

How OpenID auth works now (when you can get it):

ME: I’d like to do X.
SITE: Who the hell are you?
ME: Ask [ID site].
SITE: [ID site], who is this guy?
ID SITE: Who the hell are you?
ME: I’m [this guy].
ID SITE: What’s the password, [this guy]?
ME: Um, [this one]?
ID SITE: He’s [that guy].
SITE: Welcome, [that guy]! What would you like to do?
ME: I’d like to do X.
SITE: OK, here you go, [that guy].

How I wish auth worked:

ME: I’d like to do X.
SITE: Who the hell are you?
MY BROWSER: He told me to tell you to ask [ID site].
SITE: [ID site], who is this guy?
ID SITE: He’s [that guy].
SITE: OK, here you go, [that guy].

2 thoughts on “on authentication protocols

  1. That’s got to be the most brilliant thing I’ve heard related to auth in a really long time.

    Thanks for keeping it simple Chris. I can always count on you.

  2. Here’s how it sometimes goes for me:

    ME: I’d like to do X.
    SITE: Ok.
    ME: Now I’d like to do Y.
    SITE: Who the hell are you?
    ME: I’m the guy who just did X.
    SITE: Heck if I remember you. You’ll have to go back outside and start over – and I’ll have my eye on you this time, boyo.

Comments are closed.