OneID Promises the Death of User Names and Passwords: You Can Forget It

OneID, founded by Steve Kirsch of Infoseek fame, has announced the OneID Javascript API. It promises a simple solution to a problem we all live with: too many usernames and passwords. OneID promises to eliminate the hassle. Documentation on the API summarizes the methods in the OneID API.

Quentin Hardy of the New York Times shows how it all works,

"His technology confirms who you are by combining the private security “keys” of several devices, which are then encrypted in a “blob” in a remote data center. Supposedly your personal information, including your name and address, passwords and credit card data, cannot be obtained there, either. When you want to log on to a Web site, OneID checks the security of the site, then determines who you are by confirming three different digital signatures on different devices. Merchants never see your credit card information but receive a clearance from OneID."

It's a great idea, seems to work, and has one very big hurdle: adoption, as Rip Empson of Techcrunch explains,

"for OneID to work, it’s going to need a significant user base, because there isn’t a whole lot of value for other sites in adding this tech, even if it’s something consumers are dying for. According to Kirsch, OneID is currently live on over 1,000 sites (that reach over 100 million users), and we can expect that the new leadership to focus on adding zeroes to that number."

OneID has novel ways of reminding you just how bothersome password IDs and filling in personal information in form after form can be. One contest on form filling, called form-fill fury, pits you against the clock: how many seconds do you waste before you finish? With OneID, that chore is history. Another, Memory Madness, tests your ability to remember a password.

Be sure to read the next Security article: Stormpath Uses New Funding to Enhance API


Comments (1)

[...] Of the many APIs we published this week, eleven were highlighted on the blog by our team of writers. In this post, we’ll shine a spotlight on those eleven, which included the OneID API. OneID aims to end the problem that many people have with too many usernames and passwords. It does so by combing a users security keys into one big, encrypted “blob.” Apparently this information is more secure than normal user authentication practices and is callable via the OneID API. Once a users information is in the blob, OneID authenticates a user when they are trying to log into a site by confirming three different digital signatures on different devices. To learn more about OneID functionality, visit the OneID site as well as the OneID API blog post. [...]