Building notes, projects, and occasional rants

Follow-up to Authenticate Anywhere

Yesterday, Joel commented on my authenticate anywhere post, talking about the security and privacy problems with the Google authentication in Zooomr.

He is right, of course. Zooomr asks you for your login and password. Of you GMail account. And that's not good.

This is of course, because GMail was never designed to be an authentication mechanism, and people are abusing it. You could do the same with almost any ISP that offers POP3, for example, using that service to check credentials.

What I would like to see, to make things right, is for Google to start a OpenID service for their clients.

That would be very very good.

Update: check this comment from Kristopher Tate (lead programmer - about this problem. They are working on it, so expect a solution soon. I think the important part is that Zooomr guys are aware and working on a fix. Kudos to them. I would prefer that they didn't had to "fix it", because the "problem" could be solved by Google if they implemented OpenID.

Update 2: Well, it took almost no time at all. You don't have to use your GMail password on Zooomr anymore.

Technorati Tags: , ,