N-Website Authentication

This idea tackles the problem of online authentication and tries to make it harder for bad guys to log in to your account.

Suppose there were a server-side "neighborhood watch" protocol/service set up on popular sites like google.com and yahoo.com. I could set my google account to REQUIRE that I am logged in to my yahoo.com account before allowing me (or anyone) to log in to google.com. In other words, when set up correctly under this scheme, servers would do a little "background check" among neighbors to make sure you are who you say you are. The paranoid (and some, rightfully so) could set up a chain of authentication- -"N-website" authentication. In this example, in order to login to yahoo.com, I have to also be logged in to, say, amazon.com; in order to login to amazon.com, I have to be logged in to some obscure little website that no one would guess... therefore, google.com becomes the strongest link at the end of a chain: a person would have to first login to obscurelittlewebsite.com, followed by amazon.com, followed by yahoo.com, before being allowed to log in to google.com.

The protocol would be pretty simple--basically, a layer around the authentication portion of each participating website that allows other websites to ask "Is user xyz currently logged in?" This, coupled with an additional setting (call it the "neighborhood watch" setting), would do the trick--a pointer to another account on another website. The user would go to the "neighborhood watch" section and fill out the address of the other website (e.g. yahoo.com) and the user's account on that website.