Why OpenID?
There's a growing discussion around the Web about the future of OpenID and whether it's really making lives easier for users. The article "OpenID Is Here. Too Bad Users Can't Figure Out How It Works" on Webmonkey shows some of the concerns users seem to have about this open authentication mechanism:
However, the usability problem has engineers and design experts scratching their heads. While the typical internet user probably already has an OpenID account tied to their Google account, AOL name or Yahoo ID, they still don’t know how to use it.
Poor usability seems to be one of the main obstacles to the wide adoption of OpenID on the consumer side, leaving users clueless about how it really works. Quoting the article "What is this OpenID Everyone Speaks Of?" on Pixel Bits:
Well. I don’t know about you, but to me? OpenID is nothing but a bunch of gibberish.
Well, is it? This article generated a good discussion on FriendFeed, because it directly questions OpenID usefulness and why users should abandon the username and password model that has been around for so long. Let's try to answer some of the questions.
Is OpenID hard to use?
The argument against OpenID is that URLs are too hard to remember, and using one to identify yourself is worse than using plain old usernames and passwords.
I believe this can be easily solved by exposing a friendlier user interface. Instead of simply asking for an OpenID, applications should start using solutions similar to JanRain's ID Selector where several OpenID providers can be chosen from a single interface.
What are the benefits of OpenID?
The major benefit of OpenID is the ability to sign in to multiple applications using the same identifier. Instead of remembering multiple usernames and passwords you just need to enter your OpenID and you're in.
Another benefit is that it's an open protocol upon which anyone can contribute. There are multiple Open Source libraries in many different programming languages, making it easy to implement your own consumer application solution.
Are there any good alternatives to OpenID?
Sure, there are alternatives, but they're all proprietary and they're not decentralizing the Single Sign-On solution. Also, they could be interoperable with OpenID, expanding their reach to a broader audience of consumer applications.
So, what next?
Much needs to be done about OpenID usability and how users react to it. OpenID should transmit the idea of a secure, easy to use and always available authentication solution.
Chris Messina is proposing some innovation on this area after he is elected as community representative to the OpenID Foundation board. If you care about OpenID and its future, I think you should cast your vote now.
subscribe
It’s really fun to see how much supporters and detractors openid has,to me it means if it doesn’t succed as it is, it will be adapted to satisfy all the complaints, I have very few complains about openid, and I like how it operates right now yet I’m still concerned about the level of security it’s needed for it, yet I don’t see that as an impossible issue to sort out.
I think you could also show your support by adding open-id for your comments.
Comment by Carlos Perilla — December 15, 2008 @ 6:34 pm UTC
Are there any good alternatives to OpenID?
Yep. Using the same login on different sites (as most people do). Easier to remember, easier to explain.
Comment by Edson Medina — December 15, 2008 @ 8:00 pm UTC
Thanks for the reference to ID Selector. For users who haven’t already implemented OpenID, in additional option is our RPX offering (http://rpxnow.com). Its a SaaS product that let’s a website operator deploy OpenID in a few hours. There are free and professional grade options. You can see an example of how it works at http://www.interscope.com or http://www.uservoice.com and a good review of RPX at http://www.readwriteweb.com/archives/janrain_rpx_distributed_social_interscope_geffen_am.php
Comment by Brian Kissel — December 15, 2008 @ 8:14 pm UTC
In the beginning everyone thought email was AOL or Prodigy. That is why I don’t like that ID selector, because people should know what an OpenID is and not equate OpenID with any particular service provider. It will take some time, but eventually people will understand what it is as more sites become relying parties (and REQUIRE OpenID, like tarpipe has), and it becomes unacceptable to have to give your email out to everyone (like I had to do to post this comment). It is really up to the OpenID providers to educate their users and make it the best experience possible.
Comment by Daniel Sims — December 15, 2008 @ 8:56 pm UTC
[...] Why OpenID? Via the Tarpipe blog “There’s a growing discussion around the Web about the future of OpenID and whether it’s really making lives easier for users. The article ‘OpenID Is Here. Too Bad Users Can’t Figure Out How It Works’ on Webmonkey shows some of the concerns users seem to have about this open authentication mechanism” [...]
Pingback by Silicon Florist’s links arrangement for December 16 » Silicon Florist — December 17, 2008 @ 8:02 am UTC
OpenID is great when all the services that one uses on the web provide OpenID authentication. But I’m not seeing home-banking or government services trusting in other companies to authenticate their users, or even if there is a legal background that could allow a bank to do this. Even if the bank are the ones providing the authentication to the other services, I’d be reticent to give my bank credential through other website.
Comment by Joao Lopes — December 17, 2008 @ 10:31 am UTC
[...] Why OpenID? Via the Tarpipe blog “There’s a growing discussion around the Web about the future of OpenID and whether it’s really making lives easier for users. The article ‘OpenID Is Here. Too Bad Users Can’t Figure Out How It Works’ on Webmonkey shows some of the concerns users seem to have about this open authentication mechanism” [...]
Pingback by Silicon Florist’s links arrangement for December 16 : Oregon Startup Blog — December 18, 2008 @ 1:06 am UTC