Simple single sign-on

Today's 2.75-minute screencast features Nic Wolff's ingenious solution to the vexing problem of single sign-on to websites. I've mentioned it before, but I suspect few outside the geek community read those postings or "got it" if they did. We'll see if this narrated visual demonstration can manage to cross over.

I was reminded of a couple of things while making this screencast. First, the bookmarklet will fail if the domain name of the registration page differs from the domain name of the login page. In that case you'd need to use the standalone version of the generator. I was going to demonstrate that, but then I couldn't find a case where the domains differed, so maybe it's not a big deal.

Second, the bookmarklet's password field doesn't hide the characters you type. The reason is that it uses JavaScript's window.prompt, not a fullblown HTML form. The workaround here is the same: use the standalone version if someone's looking over your shoulder. The bookmarklet could be altered to use a real form, and maybe someone will undertake the necessary DOM gymnastics. Meanwhile, I wrote up a request for window.prompt to take a password option, and sent it to Web Hypertext Application Technology folks who are collecting these kinds of suggestions. My last request, which resulted from this item, asked for an easy way to issue a non-interactive HTTP POST from JavaScript, and now it's in the WHATWG queue.

By the way, the New York Times registration page -- which serves as the basis of the demonstration -- has a typo. It took me the longest time to spot it. In case it eludes you too, the video points to it with a callout.

Update: It was inevitable that a Greasemonkey-enabled version of this idea would surface for Firefox users. And today one did. Two, in fact. First, Sam Ruby pointed to Pwd Composer. Then Johannes la Poutre wrote to point me to Password Composer. Both, in different ways, dynamically add master passphrase fields to HTML forms that have password fields. Sweet!

Former URL: