The idea of a unified login system is a great one. Think about it: wouldn't one login for everything be great? Not a ton of passwords to mess around with, and no risk of the "one password for too many sites" security hazard. (Except, of course, for the fact that you can access all those sites with one password anyway.) The idea, however, is that the few providers of these Master Accounts would be so secure that the only risk of users being compromised would be human error, and on your side of things at that. Compared to the risk of some minor site being hacked and your "one password fits all" master password being out there, it sounds pretty good.
That's why OpenID (www.openid.net) is interesting, and that's why the giants like Yahoo!, Google and Microsoft are interested in this. For the same reason Facebook Connect (developers.facebook.com/connect.php) exists, a unified login using your Facebook account. The Sign in with Twitter (apiwiki.twitter.com/Sign-in-with-Twitter) solution is something similar, but using Twitter of course, and the list goes on.
You may wonder why you should even consider using your own sign-in procedure if you can lean on those giants. Most WordPress sites don't have their own sign-in procedures for anyone other than the actual writers and administrators, at least not for commenting. It is usually enough to leave a name and an e-mail address. However, if you want sign-ins, one of the unified solutions is worth considering. I would like to point to OpenID, but the truth is that Facebook Connect is way more user-friendly (right now) and besides Facebook is an OpenID member so it isn't such a big deal after all.
Soon you'll be using your Google and Live.com accounts to sign in across the Web, alongside Facebook and Twitter, all perhaps being connected through the OpenID Foundation. Or not. Either way, the thing is you should consider a unified login for your site if you need login functionality for your users. There are plugins that solve this for you (you'll find them in Chapter 11), but don't let that stop you. Read up on the services themselves and make up your mind regarding any potential user registrations in the future.
Was this article helpful?