August 2, 1999
Password shuffle is inconvenient, causes security problems
A profusion of passwords has plagued end-users since the dawn of the Internet. If you're a regular Web shopper or if you frequent many online forums, you've probably registered with dozens, if not hundreds, of Web sites by now.
You may have used the same user name and password for each of those sites. But with this approach, if one of those sites turns out to be run by an unscrupulous or careless Webmaster, your universal user name and password may in short order be posted on alt.2600 or other online hacker hangouts. Then it's only a matter of time before someone logs on to Fatbrain.com with this virtual skeleton key to run up a bill on your credit card for $1,200 worth of Linux books.
Either intentionally -- fearing such a scenario -- or through happenstance, most people wind up with a handful of different user name and password combinations that they use across a variety of sites. That's when the fun really begins -- how do you keep track of all those access codes?
This is hardly a recipe for secure Internet commerce or customer convenience. With the Web fast approaching mass-market status, it's time for a change.
As I wrote a few weeks ago, electronic wallets may be one solution.
(See "One-click buying makes online world spin a little faster," July 12.)
In addition to storing credit-card information, shipping information, and other personal data, electronic wallets enable one-click purchases at merchant stores -- but only those stores that are configured to work with the particular brand of wallet you're using. No one has come up with a universal electronic wallet.
Arguably, this incompatibility does have a business benefit for merchants. The more inconvenient it is for you to make a purchase at a new store, the more likely it is you'll continue shopping at a site where your credit card, shipping address, and shopping preferences are already on file. That's why I don't expect personal information sharing and payment processing standards, such as the Electronic Commerce Modeling Language, to be widely accepted anytime soon.
Another solution may come from a start-up called EZLogin.com, which aims to make itself into a kind of single sign-on service for the entire Web. EZLogin (www.ezlogin.com, naturally) stores all of your Web-user names and passwords on its secure server, and it uses agent technology to automatically fill out log-in forms for you.
The beauty of EZLogin's approach is that it doesn't require merchants or customers to install any software. It's not limited to I-commerce sites -- you can use it to log on to almost any password-protected site to which you have access. And it provides additional benefits, such as online bookmark management and the capability to give someone else "guest" access to one of your online accounts without giving them the password.
But I found EZLogin difficult to set up and use. Its interface is not easy for a novice to understand, and it provides few hints on how to get started. This makes it more suitable as a power-user tool than a consumer utility.
If such tools are going to make a difference to the increasingly wired consumer masses, they'll have to be much easier to use.
Until these tools gain wide acceptance, the burden is on Web merchants to simplify their own log-in and shopping procedures.
Tell me how your Web site makes life easier for your customers; write to me at dylan@infoworld.com.
Dylan Tweney is the content development manager for InfoWorld Electric. He has been writing about the Internet since 1993.