Single Sign-on? How About a Password That Works?

Get simple sign-on issues handled first before tackling something as complex as federated identity management

Plenty of mobile phone customers have legitimate complaints about bad service, dropped calls and insanely-difficult-to-decipher billing charges. After an upgrade of the Cingular Wireless network here in the Bay Area late last year, Ive had none of those problems.

My beef with Cingular centers on its Web site. From the day it began offering online account management, Ive been unable to authenticate to the site. Even when armed with a new ID and password, I get nothing but "We are sorry. Please wait 24 hours before trying to log in again."

So I had a good laugh recently when Cingular sent me an e-mail asking me to sign up for automatic bill payment using its Web site. I cant even get its site to authenticate me correctly so that I can look at the number of minutes Ive used at any given point in the month. Who in their corporate headquarters thinks Im stupid enough to let them automatically debit money from my bank account?

Im a sucker for maximizing utility, though. The potential of being able to simplify the billing process was so attractive I decided to give Cingular another shot. So yesterday I tried to log on to Cingulars Web site to look at the automatic bill payment options. Of course, I couldnt get on. I called customer service for a new password, and they couldnt get onto the system, either. Why? The site was down and no one, not even Cingular employees, could get access.

Perhaps I expect too much from my cell phone company. After all, I do get clear reception and rollover minutes now. But Cingular is a member of the Liberty Alliance Project, a group dedicated to developing open, interoperable specifications to federate identities across businesses, service providers, companies and individuals, and to provide single sign-on for Internet e-commerce. The companys working on something as complex as federated identity management, but it cant resolve its sign-on issues first?

Over the last week, Ive gotten a number of e-mails from readers in response to a package of articles we recently published on single sign-on. Most readers were interested in single sign-on solutions, particularly for external users such as customers, partners and suppliers.

While single sign-on, for now, centers mainly on the authentication of human beings, the issues IT managers are trying to resolve will only get more complex. Web services will certainly introduce the added element of authenticating and authorizing other computers along with applications and services running on the network.

As simple as it may sound, the key to eventually achieving single sign-on success is getting your house in order now. As my eWeek Labs colleague Cameron Sturdevant is quick to point out, an enterprise directory and a stable, well-understood set of applications need to be in place before you launch grandiose identity management projects.

I expect big things to come when Cingular does begin to take advantage of specs released by the Liberty Alliance Project. But in the meantime, Id settle for being able to pay my bill manually, online.

Have you solved your single sign-on problems? Share your secret to success at