Ask HN: Thoughts on OpenID?

12 points by aichcon ↗ HN
Do you think OpenID is a good choice for user management if you were launching a new site today? Or is it still too confusing a concept for an average audience?

I'm not sure - as a user registering on a new site, I think I would prefer it so I could have one less username / password to worry about. On the other hand, I fear that users' current mental model of registering for a site may scare them from using something like OpenID.

13 comments

[ 4.1 ms ] story [ 43.2 ms ] thread
biggest issue i see is that initial effort hump required of new users. the more difficult it is to create a new account, the fewer people will tend to do it. i'd compare it to the standford marshmallow test.
I think that OpenID is too confusing, until presented well to the user. I'd include a short piece of text on yuor registration/login page about OpenID - and make it clear to the user that they probably already use an OpenID-enabled service (such as Google Accounts or Yahoo! which actually tell you now). Try to present it as a way to speed up registration - less fields etc.

Right now, I'd still use a classical registration system, but show off OpenID as an alternative system and allow existing registrations to link OpenIDs. I still view it as an alternative, rather than a replacement.

Indeed. Services like RPX (http://rpxnow.com/) are good ways of presenting the ability to log in with user accounts from OpenID providers. It's mostly relegated to plumbing, although you can just type in your OpenID if you want.
Good point. Don't sell the security. Focus on ease-of-use.
(comment deleted)
Coming from a security background, I think there's something intrinsically wrong with that type of authentication system.

I like to use 1Password: a different, complicated, virtually uncrackable password on every site I use.

I agree with Zarathu. Most people aren't responsible with their passwords, and OpenID solves those problems. But the people who are using OpenID right now are probably the same people who would be better off managing their own passwords.
How do you log in if you are away from your mac though? Is there a web interface to 1Password?
A unique password for each site. One password to remember.

Sounds like PwdHash.

Sounds like SuperGenPass, too.

  http://supergenpass.com/
I've actually wondered that myself, but I never find myself away from my Mac.
Yes, there is a way to lookup passwords through the web interface. 1Password automatically generates an encrypted web page that can be opened on Windows or Linux.
I don't think it's reached the point where it should be the only authentication system offered by any service.

I think it's still very confusing to the average joe, but if you stressed something like "login with your google account", with an easy button to use the Google OpenID provider to authenticate, it might make it easier for the average joe to understand. Something similar to http://www.postrank.com/login would probably be effective with most average users, IMO.