Last week a friend of mine asked me why count’t I simply do the same authentication scheme as on Blogger? From a user’s point of view, it made some sense: why have one more login, in as many sites.
Well, from a security point of view, it may also make sense. On the aftermath of the Linkedinscandal, where around 9 million hashed passwords were disclosed, and about 2 million passwords were recovered, I wouldn’t feel confortable having another unprotected database containing sensitive user data, even if that database was mine. It’s far better to have Google, Facebook or Microsoft handle it, and in a terror scenario, let them have the fall.
To make things even better, this is an Internet standard being developed known as openID, which would make different authentication processes interoperable.
And it mostly works, for those sites which support this, which at this moment are mainly Google and Yahoo.
Other such as Microsoft, and mainly haven’t yet seen the light (of standards usage, but this is not uncommon to Microsoft).
At the end, and after a few tests on different plugins, I rested on Social Connect. Let’s see how it goes.
This plugin integrates not only openID but also some other proprietary authentication protocols such as Facebook and tweeter. Obviously, nowadays, Facebook authentication is a major force on the market, and I would dare, more important in terms of login material than Google and Gmail itself. So, it’s a obvious choice in terms of authentication plugin for WordPress.