« Previous post
Next post »

January 17, 2008

Yahoo Implements OpenID; Massive Win For The Project

Michael Arrington

99 comments »

The rumor last week was that Google (as well as Verisign and IBM) were mulling over the idea of joining the OpenID 2.0 single sign-on framework. But the real news comes today, as Yahoo and its roughly 250 million user IDs officially jump on the bandwagon. Today, there are only approximately 120 million valid OpenID accounts. In one move, Yahoo more than triples that number.

The service will be available in public beta on January 30, says Yahoo, and will allow users to log in to more than 9,000 OpenId compliant websites with their Yahoo IDs. Yahoo will also be integrating their Sign-In Seal feature, meaning users can view an uploaded image before giving over credentials - the feature is widely used by financial institutions and is designed to reduce the effectiveness of phishing attempts.

Yahoo is also announcing that both Plaxo and JanRain will allow Yahoo OpenID sign-ins from January 30.

“This is just the first step in working with OpenID,” Yahoo Director of Membership and Registration Raj Mata said to me on a phone interview yesterday. But he would not confirm when (or if) Yahoo would also become what is called a “relying party” (allowing users with third party OpenIDs to log in to Yahoo). He did say that the goal was to move in that direction, but gave no further guidance.

More information can be found at openid.yahoo.com. Screen shots are below.

  • Sphere It

This entry was posted on Thursday, January 17th, 2008 at 4:58 am and is filed under Company & Product Profiles. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Trackbacks/Pings (Trackback URL)

  1. Webreakstuff

    January 17th, 2008 at 5:18 am

  2. OpenID at The Jon

    January 17th, 2008 at 5:54 am

  3. Geekaholic

    January 17th, 2008 at 6:04 am

  4. Yahoo to Support OpenID - Technozzle

    January 17th, 2008 at 6:41 am

  5. Yahoo se apunta al OpenID… :

    January 17th, 2008 at 6:44 am

  6. BLOG : ICLIC :: La fin des log-in :: January :: 2008

    January 17th, 2008 at 6:49 am

  7. Web Unification At Last. Curse or Blessing?

    January 17th, 2008 at 6:59 am

  8. Astraea's Say about,,,

    January 17th, 2008 at 7:47 am

  9. Yahoo unterstützt OpenID : agenturblog.de

    January 17th, 2008 at 8:29 am

  10. Yahoo Implements OpenID; Massive Win For The Project

    January 17th, 2008 at 8:39 am

  11. OpenID conquiert les géants — SHOOB

    January 17th, 2008 at 8:41 am

  12. I’m Tracking Another Yahoo Bomb Coming - Yahoo Going Open - Well OpenID « Furrier.org - Business & Technology Blog

    January 17th, 2008 at 9:03 am

  13. Yahoo implements OpenID « Scotsman on a Horse

    January 17th, 2008 at 9:04 am

  14. Small and Independent Publishers Rejoice! OpenID Will Set You Free. Maybe. «

    January 17th, 2008 at 9:16 am

  15. « 小白的窩

    January 17th, 2008 at 9:42 am

  16. Disruptive Conversations

    January 17th, 2008 at 9:48 am

  17. Big Boost for OpenID | Mark Evans

    January 17th, 2008 at 9:59 am

  18. Support this story on Stirrdup

    January 17th, 2008 at 10:51 am

  19. Michael Gracie

    January 17th, 2008 at 12:13 pm

  20. Zoli's Blog

    January 17th, 2008 at 1:41 pm

  21. hype.yeebase.com

    January 17th, 2008 at 1:55 pm

  22. billrowell.com » Bill Rowell » Blog Archive » Yahoo Implements OpenID

    January 17th, 2008 at 9:13 pm

  23. Collaboradate Online Dating Blog

    January 17th, 2008 at 9:41 pm

  24. Justin Coyne » Blog Archive » Yahoo adopts openID

    January 17th, 2008 at 9:56 pm

  25. No Batteries Included

    January 18th, 2008 at 2:00 am


  26. January 18th, 2008 at 2:39 am

  27. Google Offers OpenID Logins Via Blogger

    January 18th, 2008 at 9:00 pm

  28. Komentarze - Skrypty PHP Download :::.. » Blog Archive » OpenID at Yahoo!

    January 30th, 2008 at 9:05 pm

  29. Jeffzilla

    January 31st, 2008 at 12:22 pm

  30. Vidoop Brings Aboard Chairman of OpenID Foundation | oscarpages

    February 5th, 2008 at 4:19 pm

  31. OpenID Welcomes Microsoft, Google, Verisign and IBM

    February 7th, 2008 at 6:20 am

  32. TechCrunch UK » Blog Archive » Google, Microsoft, Verisign and IBM join OpenID

    February 7th, 2008 at 7:01 am

  33. jan korbel » Archiv » Vítězství OpenID

    February 7th, 2008 at 11:47 pm

  34. An update to my my OpenID Shitlist, Hitlist and Wishlist | FactoryCity

    February 15th, 2008 at 7:51 pm

  35. Digital Design Blog » Blog Archive » OpenID Gets Massive Boost From Yahoo!

    February 25th, 2008 at 11:12 am

  36. Chris Makarsky — I’ll need to see some ID

    March 4th, 2008 at 12:29 am

  37. Raul Vera (azul) » Blog Archive » ¿Qué es OpenID?

    March 9th, 2008 at 2:27 pm

  38. Raúl Vera (azul) » Blog Archive » ¿Qué es OpenID?

    March 23rd, 2008 at 9:47 pm

  39. Is OpenID Being Exploited By The Big Internet Companies?

    March 24th, 2008 at 3:40 am

  40. OpenID Smackdown « The Real McCrea

    March 24th, 2008 at 7:01 am

  41. OpenID.com.ar » Blog Archive » Yahoo implementa OpenID

    April 10th, 2008 at 4:48 am

Comments

RSS feed for comments on this post.

  1. Technicle

    January 17th, 2008 at 5:06 am

    Certainly the right thing to do in 2008!

  2. Alexander Marktl

    January 17th, 2008 at 5:09 am

    Interesting move. Think I have to look more into openid…

  3. jb

    January 17th, 2008 at 5:48 am

    I have experimented with and mulled over accepting OpenID on my site. This may have pushed me over to go ahead and implement it.

  4. Niyaz PK

    January 17th, 2008 at 5:49 am

    Great news.

  5. Jon

    January 17th, 2008 at 5:50 am

    It would be nice to see an OpenID login on techcrunch with this announcment…

  6. DZ

    January 17th, 2008 at 5:57 am

    What advantage does this have over the mostly-rejected ideas like Microsoft Passport? Other than — it’s not from Microsoft of course…

  7. Baher

    January 17th, 2008 at 6:00 am

    That’s big news!!!!
    Congrats to OpenID and to all of us :)

  8. Eric

    January 17th, 2008 at 6:13 am

    Great move for Yahoo! I like the news allot.

  9. Jo Potts

    January 17th, 2008 at 6:17 am

    Yahoo’s got it all backwards!

    I swiftly went to my Yahoo account to switch it over to use my existing OpenID account, but what they’re actually offering is to let you use your Yahoo login as an OpenID account. At least they got it half right.

    To the layman, it’s as if OpenID is a Yahoo invention - which it’s not!

  10. OpenIDwatch

    January 17th, 2008 at 6:28 am

    It would be real nice for blog sites in general (and TC in particular) to accept OpenID for commenting, and have some additional primitive functionalities implemented to let the commenter edit or even retract an authenticated comment, say within a certain period of time, eg., within an hour or a day, etc.

  11. Myles Eftos

    January 17th, 2008 at 6:42 am

    +1 for Jo Potts comment. Everyone is becoming a provider, but there just isn’t enough CONSUMERS.

    If they allowed you to use your OpenID for Flickr and Yahoo Groups - then we will have a winner…

  12. Simon Willison

    January 17th, 2008 at 6:48 am

    DZ: The difference between OpenID and Passport is that with Passport, you HAVE to use Microsoft as your identity provider. With OpenID, you can choose your provider (just like you choose your e-mail or webmail provider) from anyone who supports the OpenID standard - AOL, Yahoo!, MyOpenID.com, VeriSign or a bunch of others.

  13. Ryan

    January 17th, 2008 at 6:54 am

    a blow to Facebook?

  14. Jason Fried

    January 17th, 2008 at 7:02 am

    Here’s a nice example of OpenID in action across multiple apps:
    http://37signals.com/openbar

    If you use your OpenID, signing into your Basecamp account will also automatically sign you into your Backpack or Highrise accounts as well.

  15. David Kaspar

    January 17th, 2008 at 7:02 am

    I was playing with the idea of allowing OpenID logins on my blog for comment purposes but how hard will it be to create a Yahoo OpenId on the fly to spam with?

    Just as easy as it is to create a throw away hotmail address?

  16. Michelle Greer

    January 17th, 2008 at 7:58 am

    Just to play devil’s advocate, what if OpenID’s database gets hacked? We’d all be screwed. Does anyone know how secure they’ve made it?

  17. Ederic

    January 17th, 2008 at 7:59 am

    I’ve already activated OpenID on my main blog, but it seems that only very few of my readers know about it. This move by Yahoo is indeed a great boost for OpenID. I hope Google will do the same. :)

  18. Niklas

    January 17th, 2008 at 8:08 am

    Michelle Greer: OpenID’s database? There is no such thing. Each provider have their own.

  19. Jehzeel Laurente

    January 17th, 2008 at 8:10 am

    great move for yahoo! :D

  20. WC_1970

    January 17th, 2008 at 8:20 am

    I sincerely hope that this works. Good move for Yahoo! A few points in the bag over their rivals but I’m sure it won’t be long before they come along, too.

  21. Tom

    January 17th, 2008 at 8:29 am

    @6 - I believe Microsoft Passport is only for MSN, hotmail, etc, which are all just Microsoft Products.

    @15 - agreed, I don’t know if Yahoo validates emails during signup. I suppose OpenID members could ban certain accounts also if they get flagged.

    Good article.

  22. Brett

    January 17th, 2008 at 8:33 am

    Bah. “But he would not confirm when (or if) Yahoo would also allow become what is called a “relying party” (allowing users with third party OpenIDs to log in to Yahoo)”

    I don’t need more options to *get* an OpenID, I need more options to *use* an OpenID.

  23. Benoit

    January 17th, 2008 at 8:40 am

    I think #16 raises a good question. With the widespread adoption of OpenID among non tech-users security is going to become a big issue, especially with phishing attempts. Plenty of my friends had their accounts phished on myspace simply after clicking on a picture that redirected them to a login page lookalike. Because “The user’s going to pick dancing pigs over security every time”.

  24. Brian

    January 17th, 2008 at 8:44 am

    Ah…finally…..This really means OpenID is all set for success!

    bookmarked @ http://livbit.com

  25. OPEN GIGA

    January 17th, 2008 at 8:44 am

    great news and big updates too ;-)

  26. Michael Thorner

    January 17th, 2008 at 8:57 am

    Makes a lot of sense. Great to hear.

  27. J. Douglas Halve

    January 17th, 2008 at 9:13 am

    There are a healthy number of FREE OpenID Providers available to web users interested in establishing their online identity via OpenID. Yahoo, Orange and AOL have made it very easy for users to establish their OpenID identity by using the sign on credentials they already have through these services. It won’t take long for the remaining mainstream sites to jump in. This is great news for the OpenID project! While large mainstream sites continue to jump on the bandwagon, there are numerous OpenID Providers that are solely dedicated and built around offering web users with feature rich and very secure online identities. A great example is myVidoop.com with their “Goodbye Passwords” approach to security, anywhere anytime access to stored usernames and passwords and user controlled account management via their site tools and SMS features. Other providers add SSL and anti-phishing features just like Yahoo’s Sign-In Seal. Users should really explore what these other Providers have to offer. SpreadOpenID.org has a Provider comparison to help users choose a Provider that suits their needs.

  28. Kevin Fox

    January 17th, 2008 at 10:07 am

    If you are interested in vetting an OpenID provider before you get an OpenID account there is a comprehensive review of the current top tier providers on http://spreadopenid.org

  29. Andy

    January 17th, 2008 at 10:13 am

    Va a ser muy útil en un sitio como lo es yahoo
    http://www.spymac.com/details/?2324191

  30. Dan Gudema

    January 17th, 2008 at 10:43 am

    Not sure how many of you have actually used OpenID account. I found out, after playing with it, that OpenID, in its current state, is not a security measure per se, nor is it a universal login. Maybe the rules would change in the future to make it a security issue or universal login, but for now it is just a way of holding your personal information at a third party site, which passes it to the site you are signing onto…

    So, you put your openid info in a website at openid.com or whatever, and then you go to Meebo.com, which accepts openid. What happens is you enter your URL, which would be something like openid.net/bob… Then it takes you to your openID original site, where you login, and then it flips back over to the first site with all the data entered into their database. So openID is a facility to move your personal data around.

    I just don’t get it. Can somebody tell me what’s the point of OpenID?

    All I know is it is getting more traction than that Microsoft security login that was tried years ago.

  31. Tal

    January 17th, 2008 at 11:14 am

    First - it is good news

    the question is whether it will become a standard de facto for authentication.

    I , as a site owner would like to have the ability to have general information about the user , such as : name,image,age,email etc. The user will be able to define which profile info are accessible to other sites.

    Tal,
    http://www.copenda.com

  32. HeavyLight

    January 17th, 2008 at 11:16 am

    I’m with Jo (#9), Myles (#11) and Brett (22).

    What’s the use of Yahoo (and LiveJournal, Orange, AOL, etc) using *their own* signons as external OpenIDs but not allowing existing OpenIDs access to Yahoo’s own sites?

    It’s like saying that you can send email to Hotmail friends but you’re not allowed to read their replies! (Well no, it’s nothing like that. But you get what I mean…)

    Open it all up, guys! Universal OpenID signons please.

  33. HeavyLight

    January 17th, 2008 at 11:22 am

    @Dan #30 — You’ve understood it correctly but missed the significance.

    As OpenID signons become more widely accepted, you’ll only ever have to remember *one* OpenID url (rather than lots and lots of individual account names) and *one* OpenID password (rather than goodness knows how many individual website passwords you’ve collected).

    I’m not sure I’d want to secure my bank account with OpenID but for signing on to blogs, for instance, just to leave a short comment, it’s ideal.

  34. Impartial Observer

    January 17th, 2008 at 11:27 am

    @9, 11, 22, 32:

    You are right, but think realistically. Why in the world would Y! develop this half of it and not the other? They’re not stupid, they see the whole picture; you simply have to walk before you run. OpenID by itself is a novel concept, especially for the kind of broad userbase that Y! has - you need to allow some time for the idea to become accepted and understood.

    This is a building block, not the final piece.

  35. TTLNews

    January 17th, 2008 at 1:15 pm

    For a comparison of 8 OpenID providers (where you can get an OpenID), see my post here.
    If you want to read more about OpenID, see my other posts about OpenID, referred to in this article.

  36. Jacob

    January 17th, 2008 at 1:35 pm

    OK so you can use your Yahoo! ID elsewhere. Cool.

    But you use no non-Yahoo! OpenID at Yahoo? That’s not exactly clear. Because if you can’t, this is more of a blow than a success.

    If you can, expect to see Google follow suit. And finally, it will win.

  37. PJ Brunet

    January 17th, 2008 at 1:43 pm

    Dangerous, too much power in one place, bad news.

    I was already annoyed having to use my Yahoo ID to access Flickr. Soon I’ll need a Yahoo ID to get in my apartment or flush my toilet ;-)

    I don’t like it. I want different logins for different sites. Don’t be lazy, just remember your passwords people. Or write them down if your memory is bad, save them as macros, or whatever you need to do. But don’t sell your soul for a little convenience.

  38. steve

    January 17th, 2008 at 1:53 pm

    this is a win for both Yahoo and openID.

    also, @PJ, several different companies are signed up for the OpenID (AOL and Wordpress to name a couple off my head.) In other words, you don’t have to have a Yahoo account to have OpenID, and if you have OpenID, Yahoo is not the only place to use it.

  39. David

    January 17th, 2008 at 1:56 pm

    @36

    Why not be your own OpenID Provider? Then you’ll have sole (sorry) rights to your soul.

  40. The Cronester

    January 17th, 2008 at 2:08 pm

    “Today, there are only approximately 120 million valid OpenID accounts”
    This seems low before you add in the Yahoo accounts.
    AOL added OpenId support months ago so any AOL screen name or AIM screen name or email-address registered as a userid at AOL (like thecronester@googlemail.com) can be an OpenId via AOL (openid.aol.com/) so I would have thought that would have been a big number.

  41. johns

    January 17th, 2008 at 2:09 pm

    But how will this tie-in with my existing Yahoo ID which I’ve had for years now? I hate the ID I have but there is no way to change it without starting over from zero. If I have to use my Yahoo ID for this, then it is a non-starter for me.

    Yahoo really should have a process for exporting your old userid content to a new one!

  42. frank smith

    January 17th, 2008 at 8:40 pm

    Its about time yahoo beats google and the rest in something, . I dont understand why nobody talks about yahoo anymore, found a great comment about the industry here, http://www.opentopix.com/topic.....ts-open-id

  43. Shiro

    January 17th, 2008 at 9:05 pm

    Great new!!! OpenID will be very important near future.It will be a big boss.

  44. Mr.Hong

    January 17th, 2008 at 9:36 pm

    Great idea,it would be cool to have an open ID on other website like bakugan.com,berryarts.com or berrysky.com.

  45. Shreyas Doshi

    January 17th, 2008 at 10:31 pm

    @41:

    johns, I am the product manager for Yahoo!’s OpenID effort. Regarding your concern, if I understood it correctly, your Yahoo! ID (eg: johnsmith@yahoo.com) will not necessarily be used in your OpenID URL. In fact, our implementation will not require the user to understand the intricacies of the OpenID technology and how URLs are used as identifiers. Also, in case you are a Flickr user, you will have the ability to use your Flickr photos URL as your OpenID identifier.

  46. Sean Zhang

    January 17th, 2008 at 10:33 pm

    Good new!
    Yahoo! is earlier than Google this time!

  47. Basu

    January 17th, 2008 at 11:14 pm

    Excellent idea……………..

  48. PiticStyle

    January 18th, 2008 at 3:17 am

    Great thing! Thanks for the information!

  49. SticKer

    January 18th, 2008 at 3:25 am

    that’s a great move by yahoo.

  50. jerrroen

    January 18th, 2008 at 4:42 am

    so when will I be able to login to Flickr or Yahoo with my MyOpenID? bit weird to say the least…

  51. Photo Tube

    January 18th, 2008 at 8:46 am

    Centralization of information is NEVER good. Sorry.

  52. bruce

    January 18th, 2008 at 1:25 pm

    There is clear value to be an OpenID Identity Provider -(IdP) - i.e. allowing your existing users to use an URL with your own domain name to log into other ‘relying parties’. In this case for Yahoo, it is enabling its users to use the Yahoo ID, in the form of xxxxxx@yahoo.com, to log onto relying party sites like LiveJournal, etc.

    It’s good for Yahoo because this allows Yahoo to extend its brand beyond the constellation of Yahoo sites. Everytime a Yahoo OpenID user uses the Yahoo OpenID to logo onto otherrelying party sites, the user is reminded that “I am a Yahoo User” because the user has to type xxxxxx@yahoo.com to log in. OpenID in this case creates ’stickiness’ for Yahoo, and reduces user churn.

    Based on the OpenID authentication protocol, Yahoo also gets to know what other web sites the user is using as the user is logging onto these sites using the Yahoo OpenID. So it will know, “Oh. This user has an account on LiveJournal, on Plaxo, on Magnolia, etc., etc. Let’s figure out a better way to target ads at him.” Another plus for Yahoo.

    The minus to Yahoo in this case is minimal — a) initial engineering and product mgmt work to enable OpenID, b) on going maintenance, and c) additional authentication traffic in the form of additional bandwidth.

    But the key to OpenId success is for Yahoo to become a relying party, or for ANYBODY with a large enough user base to become a relying party. Without relying parties, the identity problem will not be solved because the user still is stuck with multiple OpenIDs from multiple OpenID providers — it will not be any different than what it is now.

    OpenID benefits to relying parties often do not out weight the negatives for becoming a relying party. Benefits include, among others, a) not having to authenticate the user because the IdP like Yahoo is authenticating him for you, b) not maintaining user passwords so no customer service calls for forgotten passwords. The issue here is that it’s not clear who is legally liable if the IdP screws up the authentication, or how the relying party is supposed to trust the IdP. It’s a big deal for large web sites like Yahoo or Google and it will take a very long time for them to feel comfortable to trust the authentication and security practices of another IdP to rely on it. Perhaps one day, they will feel comfortable to trust some IdPs, and accept logins from them, but not others. Balkanization ensues and the consumer is confused, and screwed, again.

    So, I am waiting with bated breath to hear the pronouncements from Yahoo, AOL, Google (beyond blog comments) that “We accept third party OpenID login”.

  53. Diseño Web Barcelona

    January 18th, 2008 at 2:40 pm

    There is no doubt: This Yahoo movement would contribute to reinforce OpenID project. We think it could be a good news!!

  54. sandeep

    January 18th, 2008 at 8:06 pm

    hopefully google also moves for it very soon

  55. michaelgonline

    January 24th, 2008 at 6:49 pm

    i look forward to trying this out.

  56. claimsoffice

    February 1st, 2008 at 5:47 pm

    ghzsfjjfykglgljl

  57. Jermo

    February 11th, 2008 at 10:01 am

    How does mobile support factor in to open id?

  58. Richard Cutts

    February 16th, 2008 at 7:06 am

    I am irritated to see they are only allowing the use of Yahoo accounts as openID and not allowing me to sign up to Yahoo sites like MyBlogLog with my existing openID.

    Thus missing the point of openID.
    It’s as if Yahoo are saying “Yes a one for all signup profile. Great idea, just as long as we are the one”

« Previous post
Next post »