Facebook has added OpenID functionality to its site. It will make life slightly easier for many users, though it’s also a symbolic moment in the scheme’s development.

The idea of OpenID is that a user who is signed up to one member site can use the same log-in details for any other member site. Doing so will also automatically transfer some user settings and details such as  your location.

To avoid the security headache of a central database, no user details are stored by the scheme itself. Instead, the details are stored and verified by the first OpenID-enabled site at which a member signs up, and protected by whatever security measures are in place there.

Of course, for such a scheme to be of any help, it needs the support of the major players. The scheme took a step forward last October when Google and Microsoft joined Yahoo as members, though both Google and Microsoft are insisting that they be the site at which members join first, and are refusing to accept OpenID log-ins that come from other sites.

Facebook joining is another important step simply because of its user base. The site officially joined the OpenID scheme in February with the firm’s Luke Shepard joining the scheme’s board, and Facebook donating $50,000.

This week the site implemented the technology for the first time and becomes the biggest relying party – that is, a site willing to accept any OpenID log-in. To give one example of how this works in practice, somebody with a Gmail account can sign up to Facebook without having to select a new password. Existing users can also link accounts so that, for example, once you are logged in to Gmail, you don’t have to re-enter your details when you visit Facebook.

If you are planning to take advantage of the OpenID scheme, it’s worth remembering that the concept goes against the security principle of having different passwords for different sites. This makes it particularly important that you keep the log-in details at the first site confidential and change them regularly. You should also continue to use separate detail for any site storing your financial data. And you should take particular care to log-out of all Web sites if you are using a computer which other people have access to, particularly in public places.

Related:

Entry was posted on Tuesday, May 19th, 2009 at 11:28 am under Security, Social Media, Web2.0.

Read more entries by John Lister.
Stumble It!