Authentication Interoperability – don’t fear the outside world.
As hosters it’s very easy to be mildly (or even agressively) paranoid. Historically everyone out there was trying to take your customers away from you and it was important that you provided everything that they, your customers, needed so that their eyes didn’t stray.
Today’s Internet / Web landscape is very different though. There are far more services available than any one hoster – even if you’re a Google – can effectively deliver and the key to keeping your customer happy is not to give them everything, but to give them access to it. The difference is slight but the effect is major.
Don't limit your customers or they may not be!
I was flitting around doing some research this week and twice I came across web-applications which allowed me to authenticate using 3rd party sources. Now I’m using the term ‘sources’ here for two reasons, firstly because it grammatically correct but secondly – and more importantly – because there were indeed multiple options to choose from on each occasion. Now it’d be easy to dismiss this as simply coincidence following the premise that “if you look for something hard enough, you will eventually find it” but I was simply pinging across my network of sites and interests and bang! there they were, two totally different environments and both using some of the same external authentication sources.
Well 3rd party authentication isn’t new of course, Microsoft had a good go at it with the Passport (now Live ID) and it was picked up by quite a few externals, but it now seems to be predominantly an MS exclusive authenticator – I used to use Passport to log into Expedia for example, but they dropped it in favour of a local system. But it now seems that other platforms are becoming de-rigueur for user identification and authentication purposes and I think it’s obvious why.
Take a system like Facebook – one of the options on both of my ‘hits’ – there’s a platform with millions of registered and highly active users, each knowing their account and password and are happy. Why then clutter up their lives with yet another user-name and password? AsĀ a supplier of a different service – let’s say one which allows you to organise all of your travel plans and manage them in one place – why would you not enable your customers to use the Facebook authentication service? Your customers only have the one user-name and password to remember and that makes them happy and a happy user is more likely to not only stay, but recommend the service to all of the ‘freinds’ on Facebook! Plus you can then leverage that account information to deliver your service directly INTO their Facebook account. It’s win-win!
Microsoft’s Passport came too soon and was face-backwards in it’s approach. They said “Create a single authentication account and sites may let you use it to access their services” a solution waiting for a problem, action with no immediate reward. Of course Live as a brand is now delivering some pretty good services and my Live ID(s) get a daily thumping for sure, but twice now I’ve used my Facebook account to authenticate me as a user of services. Sure there are going to be those who throw their hand up in horror and shout about commercial organisations, security, data-sales and all of that guff but if you’re careful about what you put out there, I can’t see any real harm.
The bottom line? If you are bringing a service to market, don’t place requirements on your users (or potential users) which may put them off. The option to use Facebook, Google, Google Apps (yes there are two.. I don’t know why), or Live ID for authentication purposes may be the single tipping point which turns a <click – next> into a sale.
