To use fingerprint as password is the final solution against security threat on Internet. Before making it possible ‘mobile phone code verification’ system and ‘OpenID login’ are the alternatives. OpenID provides the opportunity to enter a website with the help of of another website without ID & password. For example, you are logged in to Google, now go to http://www.mail.yahoo.com and click on ‘Sign in with Google’ icon; you will be able to log in to Yahoo without id/password. To make it possible, you will have to connect one Google account to one Yahoo account only for one time.
Advantages of OpenID:
1. We manually fill up a long registration form to be a user on a website. But OpenID (for example, Log in with Facebook) installs a application and the website receives some basic information from us automatically. So, we do not need to fill up the registration form,
2. Normally, we use different passwords for different websites. OpenID helps us to get freedom from the curse to remember multiple passwords for multiple websites,
3. OpenID helps us to secure accounts in secondary websites as the main or primary websites (e.g. Google or Facebook) provide mobile verification system which fights against key-logger.
Who is the best ?
Google, Yahoo, Facebook, Twitter, LinkedIn provides mobile verification code system.
But who is the best service provider now; The answer is Google. As:
a) We can provide alternative mobile no. to Google
b) If SMS delivery fails, we can receive phone call to get code.
c) If both SMS and phone call fails, we can use back-up code as Google provide ten ‘One Time Use – BackUp Code’.
Facebook, Yahoo, LinkedIn at the second position and Twitter is third.
Disadvantages of OpenID:
Imagine, you log in to Yahoo by Google. Now if the ID/Password system of Yahoo remains active; then if anyone knows the yahoo’s password, will be able to log in directly (even without OpenID or 2-step verification). Now, Yahoo provides mobile verification system after a long time but before that there was a security threat. At present, many secondary websites do not provide mobile phone verification system (like primary website Google or Facebook) but provide the chance to log in by OpenID. To avoid the risk, these websites must either
- start 2-step verification system like Google, or
- provide additional (optional) password system de-activation facility at the time of using OpenID,
- or implement previous two proposals at a time.
Reciprocal OpenID:
People are regularly using Google, Facebook, yahoo, Twitter, LinkedIn etc. Here people are facing two problems,
1. Everyone need to remember multiple passwords,
2. As mentioned websites provide mobile verification system, the telecom companies are charging for incoming SMS for maximum times in maximum States of this world.
So, now if,
- Google provide (1) mobile verification system with password system & ALSO (2) login facility to Google by OpenID of Facebook, Yahoo, Twitter, LinkedIn with additional (optional) password system de-activation facility at the time of using of OpenID,
- Facebook provide (1) mobile verification system with password system & ALSO (2) login facility to Facebook by OpenID of Google, Yahoo, Twitter, LinkedIn with additional (optional) password system de-activation facility at the time of using of OpenID,
- Yahoo provide (1) mobile verification system with password system & ALSO (2) login facility to Yahoo by OpenID of Google, Facebook, Twitter, LinkedIn with additional (optional) password system de-activation facility at the time of using of OpenID,
- Twitter provide (1) mobile verification system with password system & ALSO (2) login facility to Twitter by OpenID of Google, Facebook, Yahoo, LinkedIn with additional (optional) password system de-activation facility at the time of using of OpenID,
- LinkedIn provide (1) mobile verification system with password system & ALSO (2) login facility to LinkedIn by OpenID of Google, Facebook, Yahoo, Twitter with additional (optional) password system de-activation facility at the time of using of OpenID,
- AND other websites provide OpenID login by Google, Facebook, Yahoo, Twitter, LinkedIn with NO PASSWORD system,
then user will choose any website (Google or Facebook or Yahoo or Twitter or LinkedIn etc) as main or primary website where s/he will login by ID/Password and mobile verification system and s/he will use this account as OpenID to login directly to other websites. User may keep password & mobile verification system activated at other websites Or may de-activate password option.
This concept will increase user’s freedom and increase reciprocal users in all websites.