27bslash6.com
By Daniel Miessler on November 27th, 2009: Tagged as Internet
The Connected Web: Why It’s Time For Strong Authentication
By Daniel Miessler on May 20th, 2009: Tagged as Information Security | Internet | Social Networking | Technology

It’s getting exciting in the world of cross-network authentication. Let’s review. I can now:
- sign into Digg using Facebook
- sign into DISQUS using Facebook or Twitter
- sign into Facebook automatically using OpenID (with two-factor authentication) or Google
- sign into FriendFeed using Google, Twitter, or Facebook

We’re quickly approaching the point where we’re going to be able to log into one major service (Google, Facebook, OpenID, etc.) and from there access all of our other services without authenticating again.
As it stands now, I can already log into my OpenID provider, visit the Facebook homepage, and be transparently logged in. Today this works on Facebook. Soon something like it will work for your bank as well.
This is a good thing, but there’s a catch.
Security
While this is completely phenomenal from a functionality standpoint, we need to consider the fact that single-sign-on (SSO) raises a serious security concern: it significantly increases the impact of an account compromise.
If my OpenID account gets me into Facebook, and my Facebook gets me into Digg and DISQUS and FriendFeed (where I can post to Twitter, of course)…then a compromise of my OpenID account means a compromise of all those other accounts as well. Basically, once someone gets into your main service, your entire online identity can be hijacked.
Authentication Strength: More Important Than Ever

As single-sign-on solutions get more popular (i.e. now) we are going to have to give significantly more attention to our authentication standards and processes. Traditionally this has meant having a strong password, and while that is an essential piece of it, it’s arguably no longer enough.
What we really need to do is move to a strong/multi-factor authentication system. This means combining at least two of:
- something you know (passwords, pins)
- something you have (tokens, smartcards)
- something you are (biometrics)
So if someone guesses the password to my OpenID account, for example, they still can’t get in. They know my password, but they don’t have my mobile phone with my soft token on it. That’s multi-factor authentication, and it improves your security greatly when done right.
My current recommended way of doing this is by adding two-factor authentication to OpenID, which can be done via Verisign PIP for free. VIP can be used to add two-factor auth to major sites like eBay and PayPal as well, and soft tokens are available for popular mobile phone platforms if you don’t want to carry an actual token.
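As an added example (not the author’s code or any vendor’s), the following Python sketch shows the two factors described above working together: a password check plus an OATH HOTP soft-token code (RFC 4226, the algorithm behind most mobile soft tokens). A correct password with a wrong or replayed code fails, and a valid code with a wrong password fails. The secret, salt and password are constructed demo values; a real service provisions per-user secrets.

```python
import hashlib
import hmac
import struct

# Constructed demo values only. The OTP secret is the RFC 4226 test-vector key,
# so the generated codes can be checked against the RFC's published table.
OTP_SECRET = b"12345678901234567890"
PASSWORD_SALT = b"demo-salt"
PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", PASSWORD_SALT, 100_000)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """OATH HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def check_password(password: str) -> bool:
    """Factor 1 (something you know): constant-time compare of a salted PBKDF2 hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), PASSWORD_SALT, 100_000)
    return hmac.compare_digest(candidate, PASSWORD_HASH)


def verify_otp(code: str, last_counter: int, window: int = 3):
    """Factor 2 (something you have): accept a code only for counters strictly after the
    last accepted one, within a small look-ahead window. Returns the matched counter or None."""
    for counter in range(last_counter + 1, last_counter + 1 + window):
        if hmac.compare_digest(hotp(OTP_SECRET, counter), code):
            return counter
    return None


class Account:
    """Per-user state: the highest HOTP counter that has already been accepted."""
    def __init__(self) -> None:
        self.counter = -1


def login(account: Account, password: str, code: str) -> bool:
    """Both factors must pass. The counter only advances on success, so an
    accepted code cannot be replayed even by someone who knows the password."""
    if not check_password(password):
        return False
    matched = verify_otp(code, account.counter)
    if matched is None:
        return False
    account.counter = matched
    return True
```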
Strong Authentication Alternatives

In addition to tokens, a number of other innovative options are available for multi-factor authentication. Vidoop is an interesting system that combines OpenID functionality with a unique picture-based authentication system. It’s not technically multi-factor, since it relies on something you know twice (a password, then the images), but it’s still considered strong authentication.
Plus there are a number of systems that use other things we commonly have with us to provide an additional factor of authentication, like sending a one-time password to your mobile phone via text message.
Conclusion
Social web service integration is upon us. Very soon, signing into websites using local credentials is going to be an indication of one of two things: 1) your single-sign-on system is broken, or 2) you’re using a website so ancient that you might want to consider an alternative.
This is progress, and it’s progress we should embrace, but we need to keep the risks in mind and take steps to mitigate them. So yes, enjoy the new powers given to you by single-sign-on, but do your best to protect yourself by looking for strong/two-factor authentication options within your favorite online services. ::
Links
[ Strong Authentication | wikipedia.org ]
[ Two-factor Authentication | wikipedia.org ]
[ Single Sign On | wikipedia.org ]
[ OATH | openauthenticaton.org ]
[ Facebook Connect | facebook.com ]
Standards For Addition to Twitter, Facebook, Friendfeed, and LinkedIn
By Daniel Miessler on May 13th, 2009: Tagged as Internet | Social Networking
Here’s an interesting question: what is your standard for deciding when to add a given person to these various services?
- Twitter
- Facebook
- Friendfeed
- LinkedIn
Here are mine (I think).
Twitter
Anyone that seems interesting. I treat this as a content discovery method in addition to a personal communication system. I differentiate this by only doing SMS updates to close friends while using web or app retrieval for everyone else.
Facebook
Only people I’ve met or know in some way on a personal level, including people from high school, college, and such. I also include high-profile people in areas that I follow, but only if I am familiar with their work. The standard for those types is that I will have something to discuss with them when I do talk to them. If I don’t, then I don’t add them, even if I know they’re famous or well-known.
Friendfeed
Same as Twitter.
LinkedIn
This one is kind of like Facebook, but for the professional side. In other words, I mostly add just people I know, and when I add people who are well-known in my industry I only do so if I know their particular sub-field and work well enough to carry on a conversation with them easily. If not, I don’t add all the big names just for the sake of having them there.
What are your criteria for adding to these various services?
I love the Internet. This girl (she’s 22) is becoming her own meme. This video has over 4 million views.
And here’s her channel on YouTube:
http://www.youtube.com/user/MRirian
The world is a strange place. ::
LetMeGoogleThatForYou.com
By Daniel Miessler on November 20th, 2008: Tagged as Internet
Well, this is cute.
Someone asks you a simple question and you send them a link to this site with the question they asked. Then they feel silly.
Example:
How many feet in a mile?
Answer:
My Idea For A True Content Aggregation Service
By Daniel Miessler on November 8th, 2008: Tagged as Geek | Internet | Technology
I’ve been struggling with a problem for a while now. The problem is how to properly display on my site everything online that I create vs. everything online that I find and enjoy. The issue is that these two types of content need to be differentiated to provide maximum value to readers.

So here are my requirements.
I want to be able to instantly send any content that I’m viewing, regardless of medium, to my website as a link. So if I’m reading an essay/article or watching a video clip, I want to hit a single button and have it highlighted on my site’s sidebar under Discovered Content.
And I want the same capability for any content I create myself, but that would happen automatically as I posted it. So if I post an essay on my blog, or I send some images to Flickr, Tweet something, or I write a comment on Reddit, I want a link to that content in my site’s sidebar as well, but this time under Created Content.
I think the best distinction you can make regarding content is whether you made it yourself, or whether you’re simply passing it along as part of your input stream. Created vs. Discovered. Output vs. Input.
So here’s what I’m proposing: a service that separately collects together everything you create vs. everything you discover online, and then builds an aggregate syndication feed for each, and then gives you a simple javascript block that you can drop into your site to display each.
So it’ll:
- Collect your content (both created and discovered)
- Aggregate each into two distinct feeds (think Yahoo! Pipes)
- Give you a javascript snippet that you can use to embed it in your site/blog
Here’s a simple mock-up of the architecture as I see it:

This is very rough right now, but if I still think this is a good idea in like a week I’m going to contact some people at my favorite services, e.g. Google, FriendFeed, to see if they’d be interested in implementing it.
Any thoughts? Does this sound like something people would be interested in?
“Kill it with fire.”
By Daniel Miessler on November 8th, 2008: Tagged as Geek | Internet
A humorous new Internet meme. Well, perhaps not new. But humorous.
The Simple, Effective Way to Track What’s Said About You on the Internet
By Daniel Miessler on August 20th, 2008: Tagged as Google | Internet | Psychology

You don’t have to be an ego-freak to wonder if others are talking about you online. Egosurfing, i.e. the act of looking yourself up in search engines, is something most regular Internet users have done at least once. It’s very human to want to know if we’re affecting the world we live in.
So the old way to egosurf was to simply search for your name on Google whenever you remember to. Fun perhaps, but rather inefficient. There’s a better way.
Google Alerts

Google Alerts is a free service that lets you enter search terms (like your name or your website) that Google will monitor for you 24/7, across multiple types of online media. When someone mentions you Google will notify you immediately or at the end of the day, as desired.
And it’s customizable. You can look for yourself being mentioned in just news, blogs, video, web, or you can have it look through everything via the “comprehensive” option.


How to Get Started
- Head over to Google Alerts
- Put in the stuff you want to trigger on, e.g. your name (remember the quotes)
- Set the media you want Google to search within
- Set how often you want to be notified
That’s it. And here’s what an alert looks like.

Enjoy. ::
Links
[ Google Alerts | google.com ]
[ Egosurfing | wikipedia.org ]
Why You Should Be Using FriendFeed (No, Really)
By Daniel Miessler on July 31st, 2008: Tagged as Internet | Social Networking

FriendFeed is a relatively new service designed to let you stay in contact with your friends in a more complete way than other services. Twitter is an excellent service because it allows one to microblog and push updates via SMS, but this doesn’t show your friends everything you’re doing.
Someone wanting to follow your blog posts, your Twitter updates, Picasa/Flickr photos, or your Amazon wishlists would have to add those things separately.
FriendFeed solves this problem by consolidating updates from all these places (and many more) into a single interface. It’s basically a better way of doing what you’re already doing online, i.e. following the lives of your friends on the Internet.
Just go to FriendFeed, sign up, and add the services that you use, e.g. your blog, your Facebook, your MySpace, your Twitter account, your Google Shared items, your Picasa/Flickr account, etc. Once you’ve added your accounts, you can continue using those various services as usual, but when you update one of those services FriendFeed will update as well.
So there are really two steps to enhancing your connection to your friends via FriendFeed:
- Get your friends to create FriendFeed accounts and add their various services to it. This way you can follow them.
- Make your own FriendFeed account and add your services to it. This way they can follow you.
Example
Here are the services I have in my own FriendFeed:
- My Blog
- Google Shared Items (shared links)
- Google Picasa (photos)
- My Amazon Wish List
So all someone has to do to keep up with me is subscribe to my FriendFeed feed, not to all those different services. Not only that, but it also has a full vote-up and comment system where people can give input on the content you publish.
It’s an extremely powerful platform for staying in touch with friends regardless of what types of social networks they use. Have a go.
Links
[ FriendFeed ]
[ Twitter ]
