OneID’s team knows that logging in to site after site is a pain for users, and as a sequence of high-tech hacks has shown, passwords are generally insecure. That is why OneID is proposing a new “next-generation digital identity service” to neatly scoot around both of these issues.
The service launches today as a public release for developers, and the press release notes it’s all about enabling customers to “sign in to websites and pay online with a single digital identity,” with the ultimate goal of improving the experience for users and site owners because it “reduces the friction, fraud, and costs associated with authentication and financial transactions.”
It’s apparently as simple as inserting a “few lines of code” at the developer end of things. But this simplicity would seem to belie the “advanced asymmetric cryptography” and “unique distributed architecture” that make the whole shebang work. Without revealing its secrets, of course, OneID explains that the tech works using public key cryptography (an amazingly clever tech similar to the one that enables secure transactions on web pages such as Amazon’s) and that it works on browsers, mobile devices, websites, and the cloud.
The press release notes it’s all about replacing a “shared secret” (passwords) with a public key (the cryptographic angle) because the password system is broken. CEO Steve Kirsch spoke to Fast Company to explain more: “The idea behind OneID is to move us out of the Stone Age and into a more modern age where we’re using the latest crypto technology so that we can securely log in to websites, so we can share information, authorize transactions, and so forth. It’s kind of a ‘Burger King’ for identity–it’s a ‘have it your way.’ There’s always a convenience/security trade-off, and usually anytime you introduce security convenience goes way, way down. So we make it possible to introduce security without sacrificing convenience.”
Of course there are other solutions in this space, like Facebook Connect and OAuth solutions (those “login via Twitter” buttons work using this), and Kirsch noted that introducing OneID to partners is a movable feast: “Some people will say, ‘Oh, call us back when you have a million sites’ or ‘call us back when you have 10 million users.’” But he’s confident that many people are already comfortable with the benefits his tech offers, and that within a few years “thousands” of sites will be using OneID.
Most interestingly, the company is extremely flexible in its thinking about monetizing its service. “People seem to be willing to pay for this,” Kirsch noted, “so we can make money by charging consumers, we can make money by doing transactions for sites, approving transactions and charging them a fee–but our costs are lower than the fee that we charge. Kind of like a PayPal model, where some sites say ‘we don’t want our users to pay a fee, we want to make sure it’s free for them so we’ll pay you a fee.’”
And here’s the kicker that really makes the tech different: at the customer level, it doesn’t involve a OneID username or password in the traditional sense. To share your identity, for example to authorize a site to log you in, OneID has a “personalization” service that Kirsch describes as being like a Twitter handle: you can pick a tag that’s not your name, and so on, for convenience. All the secure technology handshaking between the login site and your ID then happens in the background.
The proof in this pudding is in the eating, of course. We’re pretty convinced many Net users would love a simple one-click sign-in/sign-out system that was simpler and yet more secure than a password/username combination, and that many folk are now convinced that passwords are insecure. But what OneID needs is for some high-profile sites to quickly embrace its offering, and to get its tech out there and accessed by millions of users–then it’ll be proven a success. The firm’s off to one good start, anyway–it was just now a finalist at the SXSW Interactive Accelerator for 2012.