Over at Live Reckoning (nee DreamingReal, nee Heresies & Blasphemies, etc.) Steve turns us on to the free Verisign VIP app for the iPhone. He correctly points out that it’s a fantastic replacement authentication token for the bulk PayPal football. While Verisign still claims it’s in Beta, the Personal Identity Portal (PIP) seems to have far-reaching utility. (VIP is not PIP, but VIP can and should be used to apply dual-factor authentication to PIP.)
PIP is Verisign’s offer of OpenID, password vaulting, secure cloud storage, and web PIM.
OpenID is, at its core, the promise of one-click sign on. Yahoo, Google, ClaimID and others provide OpenID support for your accounts there, but Verisign’s PIP has the added benefit of the dual-factor authentication provided by the VIP application. More and more sites are beginning to support OpenID standards (recently Facebook provided the option). If you use PIP+VIP to secure your OpenID, the native account info for the site can be locked down tight. Once I got Facebook working with my PIP, I changed my native Facebook account password to a random 64-character password.
Besides OpenID, PIP also provides a single-signon interface to a bunch of popular sites (Netflix, Amazon, Google, etc.) by vaulting your passwords. Again, if you secure these native accounts, your PIP+VIP brings an extra layer of security to your online accounts, trivial or significant. You may already have desktop software for this (1Password, for instance). One-click signon works via a bookmarklet and seems convenient.
As a personal identity management site, PIP allows you to share as little or as much information about yourself, your interests, and your online presences as you wish at your PIP URL (the pip.verisignlabs.com address that is also your OpenID). Nothing groundbreaking here, but all the links you add appear in a CoverFlowesque interface.
Finally, PIP provides 2GB of cloud storage they call File Vault. Everyone’s handing out 2GB of cloud storage these days (my favorite: Dropbox). File Vault is the only PIP service that requires the use of a dual-factor credential (e.g., VIP). The FAQ doesn’t detail the security involved, but launching the applet involves a cool graphic of a giant vault door unlocking for you, so it must be secure. Verisign’s got a good track record, but that’s according to them. I don’t really believe that the Maytag repairman is that underemployed, and I’m not ready to store my birth certificate in an online vault just yet.
Verisign used to hand out marginally-useful personal email certificates so you could sign/encrypt your messages (provided you use an S/MIME email client like Outlook) that didn’t even have your real name on them, so this is a big step in the right direction. There’s a lot of useful services under this PIP umbrella, and it’s all free. Even if you end up just using the VIP application on the iPhone to sign into Paypal and Ebay, give it a look. You can find me at tcjennings.pip.verisignlabs.com. Or right here, if you prefer.