OpenID, a way to sign on to multiple web sites with a single set of credentials, has incredible promise. Large companies have signed up. Thousands of website take OpenID sign-ins. All is good, right?
Well, not exactly. First, those big companies only issue IDs, they don’t accept them yet. And the user experience with OpenID is just plain bad. Users have to remember their OpenID URL, and are redirected to a sign in page. And it’s worse for people who already have an account at a website but want to start using their OpenID instead. Linking those two accounts isn’t easy.
That’s where new startup Clickpass comes in, which launches today. We first heard of them last year at a Y Combinator demo day, but the founders, Peter Nixey and Immad Akhund weren’t saying much at the time.
They are an OpenID issuer first. But they are also trying to make using OpenID much simpler for the user. First, they are partnering with sites like Plaxo, GetSatisfaction, Pownce and many of the Y Combinator startups. Those sites will show the ClickPass button, and users can sign in via OpenID with a single click (and they don’t need to remember their OpenID URL). If it’s your first time with OpenID, Clickpass will ask you if you have an existing account at the service you are trying to log into, and pass that information back to the site to join the accounts.
As you add sites to your ClickPass OpenID, you’ll see them listed on the Clickpass site. You are given a distinct OpenID URL for each site that you can use to manage multiple identities, all tied together on ClickPass. And if you choose to fill out profile information on ClickPass, they’ll autofill that information on new sites you join. Clickpass also ensures privacy controls by letting you choose what kind of information you want to share with the site. Conceivably the service could serve as a node for your personal data, connecting it between different website accounts.
In short, ClickPass takes the technical transparency and openness of OpenID and adds a layer of simplicity and familiarity.
Vidoop is approaching OpenID in a similar way, and PassPack is a non-OpenID solution. For launch they’ll be active on hacker news, Plaxo, Disqus, and through a WordPress plugin.
The user experience is clean. After you sign in to Clickpass, you can sign in to any OpenID-enabled site with a single click of their button.
If you don’t want to use Clickpass as your ID provider, you can link it to any other OpenID provider, but it would really defeat the purpose. If the site has OpenID but not Clickpass you can still sign in using their Firefox plugin or OpenID url from Clickpass.
Naturally some concerns arise with any centralized login system. Doesn’t this mean a thief only has to steal one password, your Clickpass password? Co-founder Peter Nixey says we already have this problem, though. Most services will forward forgotten passwords to your email account making Yahoo, Hotmail, or Gmail (especially now) the Achilles heel.
As for the more probable phishing attacks, Clickpass plans to implement unique visual or textual cues (photos or quotes) to let you know if you’ve been had. But overall, Clickpass doesn’t aim to start protecting your bank account, rather that plethora of useful services the provide a great deal of personal utility, but little value to hackers (logging in to my news.yc account can’t do much damage).
It’s clear that OpenID really needs a system like this to gain widespread adoption. That’s probably one of the reasons OpenID’s chair, Scott Kveton, joined Clickpass’ board. It’s also clear that the web needs something like Clickpass too.