Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
Sugar and spice and unfettered insensibility.

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


     

N-Website Authentication

You can't log in unless you're first logged in somewhere else
  (+4, -1)
(+4, -1)
  [vote for,
against]

This idea tackles the problem of online authentication and tries to make it harder for bad guys to log in to your account.

Suppose there were a server-side "neighborhood watch" protocol/service set up on popular sites like google.com and yahoo.com. I could set my google account to REQUIRE that I am logged in to my yahoo.com account before allowing me (or anyone) to log in to google.com. In other words, when set up correctly under this scheme, servers would do a little "background check" among neighbors to make sure you are who you say you are. The paranoid (and some, rightfully so) could set up a chain of authentication- -"N-website" authentication. In this example, in order to login to yahoo.com, I have to also be logged in to, say, amazon.com; in order to login to amazon.com, I have to be logged in to some obscure little website that no one would guess... therefore, google.com becomes the strongest link at the end of a chain: a person would have to first login to obscurelittlewebsite.com, followed by amazon.com, followed by yahoo.com, before being allowed to log in to google.com.

The protocol would be pretty simple--basically, a layer around the authentication portion of each participating website that allows other websites to ask "Is user xyz currently logged in?" This, coupled with an additional setting (call it the "neighborhood watch" setting), would do the trick--a pointer to another account on another website. The user would go to the "neighborhood watch" section and fill out the address of the other website (e.g. yahoo.com) and the user's account on that website.

canadaduane, Jul 30 2011


Please log in.
If you're not logged in, you can see what this page looks like, but you will not be able to add anything.



Annotation:







       Very good idea. Obscurelittlewebsite.com does not exist, yet...
zeno, Jul 30 2011
  

       What happens when the owner of Obscurelittlewebsite.com forgets to pay their annual renewal fee?
pocmloc, Jul 30 2011
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle