May 12th, 2008
CallVerifID: Hi, it’s your OpenID account calling
Portland-based JanRain, arguably the leading developer for OpenID solutions, is on a roll. It seems like they just released ID Selector, and now they’ve come forward with another OpenID solution: CallVerfID.
CallVerfID allows OpenID users who login with an *.myopenid.com identity to take an extra security precaution with their login: getting a phone call.
And here’s the best part: it’s on any phone. Well, okay, any phone with buttons.
Instantly receive a call when signing into myOpenID. Simply answer and press # to authenticate. No certificates or text messages. Use any phone.
My point was: it’s not SMS messaging. It’s an actual phone call.
I even tried it with Skype and it worked flawlessly.
Since I’m always one to try to shoehorn an analogy into any situation, I’d say that CallVerifID is akin to your credit card company calling you when a strange charge request is made. It’s simply an added precaution to ensure that your credentials are being used by you, and only you.
So, why the added precaution? Do I really want to get called every time I post a blog comment?
No, of course not. But as OpenID begins to take hold, and more and more personal and business applications become available, this type of multi-factor authentication is going to become necessary. Because, at some point, there’s going to be some fairly sensitive information and access rights tied to that OpenID. Banking, travel, and shopping just to name a few.
JanRain’s solution is quite simple and elegant. And it’s easy to adopt, no matter what your technical expertise. I, for one, think this is a step in the right direction.
For more, visit JanRain’s myOpenID to learn about CallVerifID.