Site Owner FAQ

  1. What can PrefPass do for my web app?
  2. Why would I want users on my site using someone else’s ID?
  3. What do I have to do to add PrefPass?
  4. Doesn’t this bring up all kinds of security issues?
  5. OK, sounds great. But I’m still not sure I understand how PrefPass really works.
  6. Is it a good idea to have my site’s sign-on depend on PrefPass? What if you guys have problems?
  7. Why not just integrate all those ID systems myself?
  8. Are there any other differences between using PrefPass and natively integrating external IDs?

  1. What can PrefPass do for my web app?

    PrefPass is an easy way to get more users registered for your site. By adding PrefPass to your site, you can let users register and log in without having to choose and remember another password; instead they can just use the IDs they already have, from Yahoo! to AIM to Facebook to OpenID.

  2. Why would I want users on my site using someone else’s ID?

    Because more user will sign up! Choosing and managing passwords is a big pain point for users, especially when they consider whether to use a new site or just stick with whatever similar functionality exists at Facebook, Yahoo, or AOL, where they already sign in every day. By supporting these IDs at your site, you can level the playing field and make it just as easy for users to try out your site.

  3. What do I have to do to add PrefPass?

    Adding PrefPass to your site is as easy as can be. You just sign up, enter your site details, and then paste some code on your registration and login pages. Instantly, your users can use IDs from Yahoo! to AIM to Facebook to OpenID. No libraries to integrate, no new versions to keep up with, and absolutely no changes to your registration and login process or user database.

  4. Doesn’t this bring up all kinds of security issues?

    Not at all. In fact, in some ways your site is more secure with PrefPass! When users bounce to their ID provider from your site, they can see that they’re actually at Yahoo!, or AOL, or Facebook. Nobody else will ever see their login. And when they bounce back to your site, we work in the background to log them in using a strong password that is unique to your site. This is a big improvement over the usual scenario, where users choose the same password at every site.

  5. OK, sounds great. But I’m still not sure I understand how PrefPass really works.

    One way to think about PrefPass is as a online secure password manager that takes advantage of the publicly available ID APIs. For example, let’s say Bob decides to register at your site using his Facebook ID. He completes your registration form and hits the submit button. This bounces him over to a special page at Facebook, where he signs in if he isn’t signed in already, and then gives permission. What he’s really doing here is using his Facebook ID to log into PrefPass! Once he logs into PrefPass, we create a strong password for him, stick it into the registration form he filled in, and send it back to your site. So from Bob’s point of view, he just used Facebook to log into your site; but from your point of view, Bob just registered at your site using a password, just like any other user. Everyone is happy!

  6. Is it a good idea to have my site’s sign-on depend on PrefPass? What if you guys have problems?

    We’ve gone out of our way to make sure this isn’t an issue. Our code is designed so that if PrefPass servers fail to respond, your normal registration and log in process continues unaffected. What’s more, if your users want to stop using either PrefPass or the ID they signed in with, it’s no problem: since they are regular users in your system, they can use the “Forgot your password” link and establish a direct login at any time. With PrefPass there’s no lock-in, and no unbreakable dependency on either PrefPass or any particular ID system.

  7. Why not just integrate all those ID systems myself?

    Definitely an option! But supporting the various evolving auth APIs is a distraction, hard work, and usually requires changes that go all the way down to your user database and application flow. Adding PrefPass is simple, letting you outsource identity just like you might outsource ad serving, analytics, or RSS feed management.

  8. Are there any other differences between using PrefPass and natively integrating external IDs?

    Yes! When you natively support external IDs, the users who use those IDs are different than your other users: they don’t have a password. This means that if they lose or decide they don’t like their ID provider, they have no way to log into your site unless you provide some special functionality. PrefPass avoids this issue by logging each user into your site with a strong password. Users experience a seamless single sign-on, while your site sees a normal sign-in like any other.

Resources