Clicking the large button on the Plaxo page takes you to a page at Google like this:
If you give consent to share a few pieces of information, you are sent back to Plaxo with all key registration steps finished.
The registration process used to involve more than 10 steps, including requiring you to find one of those 'email validation' messages in your inbox. If you've followed the steps above, you can now sign into Plaxo more easily — by simply clicking a button.
While Plaxo showed the first successful results of this technique in early 2009, other companies like Facebook are starting to use the same model and to recognize its business value potential. At the same time, the hybrid onboarding model improves authentication security because websites like Plaxo that use this technique never see a password from you at all. Since you don't have to enter your password on additional sites, your password remains closer to you and is less likely to be misused. We'd like to applaud Plaxo and Facebook's work in designing the user experience needed for this technique as well as pushing us to create the optimizations needed to carry out their design. Today we're happy to announce that all of these login flow designs are now available to any website operator. All of these hybrid onboarding techniques are based on industry standards that both Google and Yahoo! support, and that other email providers are beginning to support as well. For more technical details, check out our Google Code Blog post.
Hybrid onboarding is also being used by Enterprise Software-as-a-Service vendors — such as ZoHo — that want to eliminate the need for employees at their customers' businesses to create another password. More details are available on our Enterprise Blog. In addition, after a thorough evaluation of the security and privacy of these technologies, the same techniques are being piloted by President Obama's open identity initiative to enable citizens to sign in more easily to government-operated websites.
There is still a long way to go before you'll be able to trim down your long list of website passwords, but this progress demonstrates the potential for even the largest websites to adopt to adopt the hybrid onboarding model. We hope many other websites will follow.
Posted by Eric Sachs, Product Manager, Google Security
"
While Plaxo showed the first successful results of this technique in early 2009, other companies like Facebook are starting to use the same model and to recognize its business value potential. At the same time, the hybrid onboarding model improves authentication security because websites like Plaxo that use this technique never see a password from you at all. Since you don't have to enter your password on additional sites, your password remains closer to you and is less likely to be misused. We'd like to applaud Plaxo and Facebook's work in designing the user experience needed for this technique as well as pushing us to create the optimizations needed to carry out their design. Today we're happy to announce that all of these login flow designs are now available to any website operator. All of these hybrid onboarding techniques are based on industry standards that both Google and Yahoo! support, and that other email providers are beginning to support as well. For more technical details, check out our Google Code Blog post.
Hybrid onboarding is also being used by Enterprise Software-as-a-Service vendors — such as ZoHo — that want to eliminate the need for employees at their customers' businesses to create another password. More details are available on our Enterprise Blog. In addition, after a thorough evaluation of the security and privacy of these technologies, the same techniques are being piloted by President Obama's open identity initiative to enable citizens to sign in more easily to government-operated websites.
There is still a long way to go before you'll be able to trim down your long list of website passwords, but this progress demonstrates the potential for even the largest websites to adopt to adopt the hybrid onboarding model. We hope many other websites will follow.
Posted by Eric Sachs, Product Manager, Google Security
No comments:
Post a Comment