Security/identity · 2007-01-04

Lovin’ loggin’ in

Dave Kearns remarks on the vast gulf between the identity-based behavior of teens and adult business folks. He quotes danah boyd’s ruminations on ephemeral profiles: “Forgot your IM password? Sign up again. Forgot your email address? Create a new one. Forgot your login? Time for a change. …. Some teens chew through IM handles like candy; their nicks are things like “o-so-funny” rather than the first name, last name standard that seems to pervade professional worlds.”

Certain aspects of this behavior gap aren’t limited to teens. Until this decade, I had never had an email account that wasn’t handed to me by an employer, so all my handles were boring. But when my mom finally got email, she was free to have fun with it, and named it whimsically. Also, a young miss of my acquaintance, seven years old, has an account at Webkinz and visits it daily. She also changes her password daily. For fun. Huh??

(My own xmlgrrl handle got started, in case you’re wondering, when I found myself on a cruise ship with a nascent business-center capability in the late 90’s, and they were temporarily giving out net access for free. What a concept! I tried to telnet into my home machine to send email (“Guess where I’m writing this from?”) but failed, and the attendant suggested I create an account at one of the free service providers. I ended up doing that, but all the obvious logins seemed to be taken. Having created a bracelet with charms that spelled out “xmlgrrl” as a joke on one of our shore excursions, I hit on this as a handle that was unlikely to be used already. Bingo.)

But as danah points out, “While losing passwords is common amongst adults as well, starting over happily isn’t.” I certainly don’t consider it fun to set up new accounts over and over, and I bet teens wouldn’t either if they were, say, applying for a pile of entry-level jobs over the web. Lots of people get new personal email accounts — very unhappily — to stem the tide of spam.

Dave ponders: “Perhaps – some time in the not so distant future – they’ll be clamoring for a way that they can unite all of their “identities” – but only if they can guarantee that they alone can see the consolidated material.”

If a person is is going to ask for assistance from a service on the web in doing this consolidation, that service will necessarily have to know something about her (otherwise she might as well keep everything in her head like she does now, her brain being the only existing consolidation point), but federation through the exchange of pseudonyms keeps it to a minimum. In this way, consolidation corresponds pretty well with the federation portion of the taxonomy I had drawn up a little while back. I’ve refined it to focus in on the relevant bit:

Identity taxonomy, refined and focused

Whether people have URL-based identifiers or some other kind, they’re just as likely to have more than one than only one. It would certainly be Bad for a worldwide-scalable identity system to make everyone get exactly one. So far, quite a lot of people — not just teens — using the network for non-business reasons are comfortable creating and playing with many identities for themselves. As soon as they’ve invested something significant (perhaps, as danah notes, involving a mobile device, or just inputting data that they really really don’t want to have to input again) in enough of them, consolidation will become attractive indeed.