Rethinking the Login (APS2)
Hill Country C & D
OpenID and Facebook Connect have gained growing acceptance as ways to decentralize authentication — to allow people to log in to web services using credentials from other services, like Gmail or Facebook — but have seen limited adoption in…
Mark Heiman (Carleton College)

It all started with alumni – 26 thousand of active alums. May only log in a few times a year.

Let’s look to the accounts that they do log into every day. Gmail. Facebook…

Distributed/federated/social Auth

OpenID – anyone can provide/accept. However, openid are long.

OAuth – delegates access to user data. Pseudo-authentication.

Vendor APIs – private services like fbconnect.

Number of libs and services that help set up multiple implementations.

Is it safe? Is it safe for your audience?

If you are already allowing them to reset through Gmail – then using openid with gmail is no less secure.

Lots of misconceptions at launch. How do you know my yahoo password?

Carlton hides the extra Auth behind the “need help” link – next to the password reset. Users who remember their pass don’t need to be bothered with this.

What if Auth email does not match to the one in our system? Need extra options. But after, we now have this email in alumni db Next time, they are given a “sign in with google” button.