Verisign’s new Personal Identity Portal (PIP from now on) isn’t the sexiest application out there to help you manage passwords. But it has Verisign’s strong reputation for security behind it, and it is a surprisingly easy way to manage website credentials.
PIP is a a single sign in solution that supports both OpenID (you are issued a Verisign OpenID) and direct sign in to a number of supported websites. If a site doesn’t support OpenID, login is handled by populating the username and password fields directly.
So far, PIP isn’t much different than the previously covered Clickpass and other solutions. It supports a lot more sites, however. And it also handles signin directly from a bookmarklet that resides directly in the browser chrome.
Being Verisign, they’ve also added optional support for two factor authentication. Users can choose to receive a unique one time security token for each login, and/or get a browser-side certificate. Most users will find this overkill.
From a usability standpoint, the biggest drawback is the need to stay logged in to an active PIP browser session. Users could set it to their home page, I guess, and make it the first sign each time they use their browser. One use case that is particularly compelling – mobile devices. Verisign says iPhone support is coming very soon – Verisign says they are experiencing “a few challenges with certificates on the iPhone Safari.”
A last, possibly unintended feature: the pop up box is a great easy navigation tool for much-visited sites.
“But it has Verisign’s strong reputation”
Some will find this quite funny.
love this.
anything that can sync passwords regardless of browser and OS is a godsend. Roboform + Foldershare only goes so far.
This may not be the end-all-be-all but its definitely a good start on the right path that will force others to innovate in the same direction.
Fuck Verisign.
That is all.
Although I can appreciate the effort to feel sound about this approach to identity management, there is a fine line between making decisions that are sound and worthwhile in resolution and feeling like your identity is nothing more than a witch hunt. I truly believe that Versign’s intentions are good but this interface looks like nothing more than a jumbled mess that leaves you pushing buttons like those found on carnival amusement games.
Identity should be something that is trusted and held in high regard with respect to management and participation within a larger ecosystem. This approach makes me feel like i’m opting into a marketing spin that perpetuates itself beyond reasonable confidence, leaving one concerned and slightly confused.
To feel good about providing my identity in a respectable manner, the interface must come across as trustworthy as much as the identity that it claims to represent. Instead this appears to cheapen the experience of truly attempting to derive credible claims that are as strong as the underlying technology that is used to facilitate the transaction.
If we all choose to accept this approach, we are destined to lower our expectations across other experiences in the landscape and I worry that will degrade the overall value of the relationships that we are attempting to establish, even if behind the scenes we all believe and trust that we are who we state we are.
I’ll stick with my beloved RoboForm
I don’t like the idea of one password/portal to all my accounts across the web. Once the security is breached every site account can then be accessed. How is this prevented and how fail safe is it?
Its good to see Verisign take this. I have been looking for some solution to manage my identity but was uneasy to give it to hands of some startup/relatively less known company.I think that I can trust Verisign for their reputation
But I find that site don’t allow to manage multiple identities for a single site. Any one know whether it’s possible?
I’ll stick with BugMeNot.. who needs private credentials.
The email to generic mailboxes is always so much more interesting than mine anyway
Identity management is a dirty job but someone has to do it!
Good night all
Very interested tool for us tha forgot all.
Thank fot the tip.
Zegga
http://www.tecnovi.net
I use the 1password application, which I highly recommend; they have an iPhone app too
I tried it and it is quite a pain to use. It just shows how little VeriSign knows about usability and what consumers need.
If they are serious they should stop the lab work and just host the most popular MashedLife.com for the consumer market.
Nice try though
You can also store your passwords securely for free on myVidoop by installing its IE and Firefox plugin. Passwords can be stored online or offline on your computer. Passwords that are stored online will be accessible anywhere there is an internet connection.
Our Firefox plugin also fills out online forms based on the info that you store with us. A new IE plugin will be released very soon to also support the form fill feature.
As far as account authentication goes, myVidoop supports multi-factor authentication and no longer uses password. It uses the ImageShield technology where your access code is the combination of your secret categories.
You can check us out here: https://myvidoop.com and our blog here: http://blog.vidoop.com
I believe “multifactor” refers tohaving 2 or more of the follwing
:
-Something you know
-Something you have
-Something you are
Myvidoop seems to only encompass “something you know”.
Am I incorrect?
myVidoop uses multi-factor authentication: something you know & something you have.
The “something you know” is your access code and the “something you have” is your email or your phone (voice and/or text).
You can read more about it here: https://myvidoo...activation-code
One does not *have* an email, that is something you know. Examples of “something you have” include, but are not limited to:
RSAkey
Smart Card
Yubikey
If you use Paypal you can get an RSA token for $5 (free to business accounts). This token can be used with verisign’s PIP
Not sure it makes sense to launch a security product in Beta mode…”uhh sorry about that but we exposed your user name and passwords to millions of people, but as we said its still in Beta” thats not really a reasonable answer to provide customers
i hope you don’t have any important emails in your gmail (assuming you have one since you read techcrunch) because after 4 years, it’s still in “beta”.
Good one!!! so true.
Verisign was unsufferable when they had no competition.
Now that they have competitors in certain areas, they can be ignored.
They continue to be the worst in terms of usability and customer experience. Given how little they seem to care, would you trust them with your identity?
I’m not a fan of this whole way of doing it. Until someone figures out how to make every site I use work(reverse proxy/http recorder?) I’m not going to use it.
Check out Passpack (I’m a co-founder). There is no pre-approved list of sites that you can login to — you can train Passpack to log you into about 90% of sites you’ll come across in three clicks.
http://www.passpack.com
The trained login forms are stored in a community driven database, so you’ll often be able to login to more popular sites straight off since most of them have been trained already by other users.
One ring to rule them all.
Regarding to such Verisign service, I think people will fall into love or hate camps.
My (german) startup eingelogged.de (https://eingelogged.de) does the same thing – but we support nearly 200 sites right now – growing every day. We support profiles so you can store different login credentials for one site (office, private, …). Check it out.
I wonder whether this means our http://www.Saleyards.com’s login URL (loginentry.com) might become a sought-after marketing commodity?
(I wouldn’t want a third party managing our clients login entry point – Could be OK for newsletters and spammy stuff tho’).
I’ve been using http://clipperz.com for some time, and I find it pretty handy.
Clipperz is a good site. Verisign really kicks serious password butt though… kind of like this… http://www.goth...te.blogspot.com
I would rather just use my browser to remember passwords.
A single login of any kind, stored on a server of some company, and offered for free to consumers means one thing:
Data mining of personal browsing habits and whatever other data said company is provided (demographic?) with subsequent sales of that data
I would be willing to pay for a good solution to identity mgmnt, but I want control over ALL the data and everyone that has access to it. I’d pay $200 for a good solution.
I use Digital Persona which came with my Dell Studio laptop – one swipe of my finger is all it takes to access my password protected sites – very sweet as I used to log on manually to PayPal and eBay about 15 times a day!
I have 6 minus 1 reasons why I prefer Roboform over PIP.
Check it out : http://tinxmone...dentity-portal/
ClickPass looks better and is slicker in terms of functionality.
On eingelogged.de we have a list of our supported sites: https://eingelo...vices/?show=all. The only thing a user has to do is to register on eingelogged.de, browse the services (”Dienste” in German) and enter his credentials. From then on he is able to perform a one-click-login…
We are working hard on the next features and a soft graphical relaunch.
If this is a double post: Sorry for that but the first version of the post didn’t appear…
On eingelogged.de we have a list of our supported sites: https://eingelo...vices/?show=all. The only thing a user has to do is to register on eingelogged.de, browse the services (”Dienste” in German) and enter his credentials. From then on he is able to perform a one-click-login…
We are working hard on the next features and a soft graphical relaunch.
one thing missing on their site – and the review – is a list of supported sites!!!
If this is a double post: Sorry for that but the previous versions of the post didn’t appear (tried to reply to Shu)…
On eingelogged.de we have a list of our supported sites: https://eingelo...vices/?show=all. The only thing a user has to do is to register on eingelogged.de, browse the services (”Dienste” in German) and enter his credentials. From then on he is able to perform a one-click-login…
We are working hard on the next features and a soft graphical relaunch.
Let’s call it a triple
TC should warn people near the comment box that linking in the comment field to lesser known site may delay posting.
Oh yes
. That would be great 
I’ve been using Pageonce for a while. It manages all my passwords and I can also see info for all my accounts on one page.
Just a friendly advice as I have told you before – Usability is even more important than security for the mass consumer market. PIP is more than clumsy to use it now.
You really should support Yubikey to be a more elegant solution.
Just 2 cents
Quick history: PIP was initially launched a little over two years ago as an OpenID provider under Verisign Labs. The initial version was built on Rails by Eastmedia ( http://www.eastmedia.com ), based on Ruby Libraries created by JanRain. The PIP on Rails was one of the first major deployments of the Mongrel web server for Rails, and Verisign’s hardcore testing was an important part of getting it ready for wider adoption.
It is no secret to the OpenID community that there are some fairly complex user experience issues involved with providing SSO and identity online that is secure and easy to use. I absolutely guarantee that they want to hear your feedback and would love user experience, usability and interaction designers to get involved to help solve these issues.
Whatever I see the BREAD and (Yes) also the butter being whisked away from similar companies like “ClickPass” and “PassPack” …
http://mydating...e.blogspot.com/
Using Firefox’s password manager to INCLUDE use of the master password feature makes signing in anywhere a one password access to everywhere. Once you enter the master, the individual site’s saved password auto fills. But not without the master. It’s all I need to do what I want.
I find that many haven’t tried the master feature and don’t know what it does.
Password storage and sign-in systems like the firefox password manager are “local” and therefore do not really compete with web-based systems – which allow to use your once-created site from different devices.
I’m the co-founder of http://www.allyve.com and we, like VeriSign obviously also does, believe that users will NOT use a website just for the sake of managing your logins. Instead, you need a personalized page displaying individual information PLUS the benefit of the SSO functionality (like VeriSigns PIP offers).
I’ll stick with my Roboform portable