Is Giving away Passwords cool Again?
30. January 2008 – 21:28 byIt is January 30, 2008, the tech blog world is enamoured with the idea of data portability and related standards like OpenID and OAuth. At least that is my impression when reading blogs these days. But maybe I am wrong and it is just a feverish dream? I am confused after having a look at German Allyve which launched this week.
Allyve’s main feature is providing access to a number of social networks, email providers, online editions of newspapers, shopping sites, and much more. However users have to provide login credentials for every service they want to use with Allyve. Yes, that’s right, email/username and password for each site. That’s unreal! The little guy in the back of my mind is always telling me: You don’t want to do that!
Well, I did it. Just for testing purposes, though, and just for one network. So Allyve has my MySpace credentials now. On the startpage - oh yes, that’s a second feature - I can see if I have got new messages or friend requests from other MySpace members. Also I can click through to MySpace without logging in there. So is this worth the effort?
There are countless startpage services around: Netvibes, Pageflakes, YourMinis, Google, Yahoo!… They provide more features and are more appealing to the eye. OK, I can’t click through to other services and have to remember my passwords of those services. But what’s so bad about it? Real password managers like KeePass, PassPack, and Clipperz offer a lot of sophisticated features which Allyve is not even close to.
Currently Allyve is trying to get certified for the TÃœV Süd s@fer website seal. That seal means that websites have been checked for privacy measures, security concepts, and even usability. That’s all good and Allyve says it is encrypting data already. Though I guess this seal will cost several thousand Euros. The money could be spent for more useful things.
Why start a new service like Allyve when we have OpenID and OAuth and the startpage market is tough competition?
3 Responses to “Is Giving away Passwords cool Again?”
The little guy in the back of my mind told me some similar things… I am very sceptic with giving all my login-data and passwords in the hand of one platform.
By Pfefferle on Jan 31, 2008
Looking at this type of a technology I would not only run away, but run away as fast as possible. Why would anyone want to trust your only form of securing your digital identity to someone else. While the ease of use might appeal to some ultimately it appears that you have no control over this data.
While not a huge fan of OpenID and OAuth at least with both of these the user retains ultimate control over their information. Alternatives to this include some of the latest biometric devices put out by most of the major laptop vendors. These allow you to tie your fingerprint to a database which keep track of all of your online passwords and user accounts.
-secauditor
By secauditor on Mar 6, 2008
I don’t mind giving my passwords to an online password manager like PassPack. It’s a tool that is doing exactly what it says it does. But Allyve is using my passwords to aggregate data from those applications. It just seems strange doing stuff like this these days.
By Carsten Pötter on Mar 7, 2008