A study by digital communications agency @www reveals that, whenever possible, 61% of web users use the same password for all their online accounts, reports the Guardian. The survey also found that more than 1 in 10 users have over 50 online accounts to log into, leading many to experience password fatigue and hence to use the same password across all accounts.
One solution to password fatigue is OpenID, which got a huge bump this morning from Yahoo!. OpenID works by letting users log into any supported service using a single username and password combination. But if using the same password across multiple accounts is dangerous, isn’t OpenID essentially the same thing?
In theory, there are a ton of benefits for the user with OpenID. As someone who tests online products and services for a living, and has thus amassed a huge number of accounts with different usernames and passwords, I find OpenID an exciting idea. Marshall Kirkpatrick presented a concise list of user benefits in a post on ReadWriteWeb this past November:
- You can remember one username/password and log in to many different accounts.
- In some cases you don’t have to do anything but provide an OpenID in order to start a new account. That means you can start personalizing a new service really fast.
- You don’t have to trust random new sites with your info, your OpenID authenticator will hold and confirm everything for you.
- In theory, you should be able to choose how much of your full profile to expose to different sites you log into.
But there are also a number of potential problems. Chief among them, in my mind, is that unifying your online identities means that having your password compromised becomes a whole lot like losing your wallet. Now instead of some unscrupulous individual gaining access to one online account, the person who has your OpenID credentials can log in everywhere you do. Recovering from that means a long, slow process (for the record, I haven’t heard anyone talk about using OpenID for logging into ultra-sensitive web sites like those for banking or managing credit cards).
The good news for OpenID is that with more than 1 in 10 people suffering from password overload, the prospect of a single, linked identity is likely an inviting one. And if 61% of people are already essentially doing what OpenID does on their own — using the same login credentials across all their accounts — they may not mind the potential security flaws with the system.
However, there are other options for keeping track of your passwords. As the Guardian writes, “it’s not necessarily bad to write passwords down – a piece of paper is going to be much harder to hack for an internet baddie than something stored on your computer or online, as long as it is adequately protected. Hide it, disguise it, put spaces in it, blend it in with other things. And don’t write ‘My banking passwords’ at the top of the page.”