August 2, 1999

Password shuffle is inconvenient, causes security problems

A profusion of passwords has plagued end-users since the dawn of the Internet. If you're a regular Web shopper or if you frequent many online forums, you've probably registered with dozens, if not hundreds, of Web sites by now.

You may have used the same user name and password for each of those sites. But with this approach, if one of those sites turns out to be run by an unscrupulous or careless Webmaster, your universal user name and password may in short order be posted on alt.2600 or other online hacker hangouts. Then it's only a matter of time before someone logs on to Fatbrain.com with this virtual skeleton key to run up a bill on your credit card for $1,200 worth of Linux books.

Either intentionally -- fearing such a scenario -- or through happenstance, most people wind up with a handful of different user name and password combinations that they use across a variety of sites. That's when the fun really begins -- how do you keep track of all those access codes?

This is hardly a recipe for secure Internet commerce or customer convenience. With the Web fast approaching mass-market status, it's time for a change.

As I wrote a few weeks ago, electronic wallets may be one solution. (See "One-click buying makes online world spin a little faster," July 12.)

In addition to storing credit-card information, shipping information, and other personal data, electronic wallets enable one-click purchases at merchant stores -- but only those stores that are configured to work with the particular brand of wallet you're using. No one has come up with a universal electronic wallet.

Arguably, this incompatibility does have a business benefit for merchants. The more inconvenient it is for you to make a purchase at a new store, the more likely it is you'll continue shopping at a site where your credit card, shipping address, and shopping preferences are already on file. That's why I don't expect personal information sharing and payment processing standards, such as the Electronic Commerce Modeling Language, to be widely accepted anytime soon.

Another solution may come from a start-up called EZLogin.com, which aims to make itself into a kind of single sign-on service for the entire Web. EZLogin (www.ezlogin.com, naturally) stores all of your Web-user names and passwords on its secure server, and it uses agent technology to automatically fill out log-in forms for you.

The beauty of EZLogin's approach is that it doesn't require merchants or customers to install any software. It's not limited to I-commerce sites -- you can use it to log on to almost any password-protected site to which you have access. And it provides additional benefits, such as online bookmark management and the capability to give someone else "guest" access to one of your online accounts without giving them the password.

But I found EZLogin difficult to set up and use. Its interface is not easy for a novice to understand, and it provides few hints on how to get started. This makes it more suitable as a power-user tool than a consumer utility.

If such tools are going to make a difference to the increasingly wired consumer masses, they'll have to be much easier to use.

Until these tools gain wide acceptance, the burden is on Web merchants to simplify their own log-in and shopping procedures.

Tell me how your Web site makes life easier for your customers; write to me at dylan@infoworld.com.


Dylan Tweney is the content development manager for InfoWorld Electric. He has been writing about the Internet since 1993.


Internetworking points at necessity of data `garages'
July 26, 1999

Previous columns by Dylan Tweney

Increasingly global, the Web challenges U.S.-based companies
July 19, 1999

One-click buying makes online world spin a little faster
July 12, 1999

Web applications often fail to scale, much to the chagrin of CEOs
July 5, 1999


Every column since August, 1997


Please direct your comments to InfoWorld Electric.

Copyright © 1999 InfoWorld Media Group Inc.

IBM is the proud sponsor of the I-Commerce section on InfoWorld Electric.

| SiteMap | Search | PageOne | Reader/Ad Services |
| Enterprise Careers | Opinions | Test Center | Features |
| Forums | Interviews | InfoWorld Print | InfoQuote |