I wanna love the Poken (but I can't)
Foosel beat me to the punch with her "Poken, or how to FAIL" article, but I'm publishing mine anyway…
I got a new toy during my visit to the re:publica conference a few weeks ago: a Poken.
In case you haven't heard of it yet: a Poken is a small, relatively cheap USB device. Besides the USB connector, it has a two-colored LED (red/green), a button, some RFID hardware and an animal/alien-shaped plastic cap of questionable aesthetics covering the connector.
So what is it good for? It is best described as “business card 2.0”. Instead of exchanging little paper cards with people you meet, you just hold your Poken to the Poken of your acquaintance and your contact data and social media profiles are exchanged by some RFID magic.
Well, so much for the theory. Of course the Poken doesn't store all your data directly on the device. Instead the Pokens exchange device IDs and timestamps during the handshake.
When connected to your computer, the Poken is recognized as a standard mass storage device containing an HTML file and a plain text help file. Platform independent and simple – good. Unfortunately that's where the good things end.
Opening said HTML file will redirect you to the Poken website, where you have to register your Poken. To do so, you need to create an account of course. No OpenID support unfortunately, but it gets uglier.
As I said, the idea is not only to exchange your traditional contact data but your social media profiles as well. You can choose from a list of predefined social network sites, enter your username/email address and WTF? Are they seriously asking for my password there?
A random website asking me to provide them full access to all my social network profiles!? They must be kidding, but they are not:
“Your password confirms that this really is your account at the social network - we don't store this password”
Yeah, sure, as if anyone would verify what I print on my business cards. I can't understand how this still seems a perfectly normal thing to do for websites. And what surprises me even more is how many people simply give away their passwords just like that…
It is so sad. I so want to love the Poken because the initial idea is just nice. But their software-side implementation decisions are just so amateurish that it is really ruining the whole thing for me.
My Poken identity now simply points people to http://www.splitbrain.org/personal which lists all my social web profiles.
PS: I just came across the name for this bad habit of asking for people's passwords: it's called the Password Anti-Pattern.