Oh, I can see it now, people don't use hard passwords...then the hackers can get it ALL in one fell swoop. That could be a disaster for many. Well, it'll make hacker's lives easier, LOL.

I have to agree with WiseWebDude. This seems like a bad idea.

How hard is it to just login to your favourite sites when you need them?

I dont think there is much of a safety issue here, most of the mainstream public use the same userId/password across different websites now anyway!...So why not legitimize (the practice) with a central userid provider (hopefully with a strict password requirement)

So why not legitimize (the practice) with a central userid provider (hopefully with a strict password requirement)

OpenID is decentralised

Not sure what the effect of it is, but you can even run your own OpenID server and use it everywhere that supports OpenID,

Out of curiousity, what would you propose instead of one centralized password, whether it be strong or weak? A different strong password for every single web service/site? Then people will just keep them written down on a piece of paper under their keyboard. Now every janitor and passerby is more dangerous than your "hackers".

I suggest people use a GOOD password creator/filler. I use a good program (paid for) that makes them for me at 40 digits, upper/lower case + numbers, copy and paste; this way I never, ever type in a password. If people want to be stupid and use one password for all their stuff then I guess let them...I'll come in here and laugh my butt off when people are freaking out that their ENTIRE life on the net was wiped out with one password (sorry sounds mean, but true). It is STUPID IMHO. Not long ago I was reading in here where some people had their Google accounts destroyed because they had one password for ALL of Google and lost lots of $ in Adsense as well. I cannot tell you how many people have contacted me freaking out that their password was hacked and got into everything, DUMB.

This seems like a good idea. Yahoo has long been a pain because it seems to require YahooIDs for far too much. It's not hard to sign into a few favourite sites, but Yahoo hasn't been a favourite site for me for a long time and probably never will be again, so I really can't be bothered putting it into a proper security manager and maintaining a YahooID. If I could use my OpenID there instead of a YahooID, I'd probably visit Yahoo more.

However, this news item makes it sounds like Yahoo won't be accepting OpenIDs where they currently use YahooIDs - they'll just be letting people use their YahooIDs as OpenIDs. That's nowhere near as useful.

I'll wait and see what actually happens on 2008-01-30.

...what would you propose instead of one centralized password...? ... Then people will just keep them written down on a piece of paper under their keyboard. Now every janitor and passerby is more dangerous than your "hackers".

Janitors can't hit 1,000,000 houses in an afternoon. 15-25 tops and the chances that they find the pieces of paper with the passwords are, let's be fair, 10%.

so you guys mean that your logon password is not "password"? :)

Now live at [openid.yahoo.com...]

With open-id you can set up your own server, and like single-sign-on every time you login, your details are passed to an authentication server.

This is not a 'everyone using the same password list' situation.

:-)

Can you actually point Yahoo at your own OpenID server and login to Yahoo with your non-Yahoo OpenID, or is this an audacious attempt to make people use Yahoo for everything?

If you can't delegate from Yahoo to another server, then this is brain-dead: all it takes is two sites to refuse to delegate and you're stuck with two logins - bye bye Single Sign-on.