OpenID worth implementing?

5 points by KevinMS ↗ HN
A few users (very few) are asking us to implement OpenID on our website. It seems just a little while ago everybody was talking about it. Now I never see anything about it except for the occasional login.

We don't want to know if its 'cool' to implement it, easy to implement, or if its still the latest hotness. We're curious about actual stats. Do people actually use it, or is it just a few evangelist who would just a soon use a regular login if they had to?

Be honest, is it just the hacker crowd that uses OpenID? People that will abandon you in a second if your competition suddenly offered an iphone app with voice recognition, or got on techcrunch because somebody was throwing money at them.

As many of you know, its not a matter of how difficult it is to implement. Its a question of having to keep supporting it far into the future. Once you give users something they get irate if you take it away, even if they don't use it. And switching back to regular accounts will probably be awkward. So if we go forward with this, we're probably stuck with this ball of code forever.

4 comments

[ 2.7 ms ] story [ 21.5 ms ] thread
I probably wouldn't implement it. I like OpenID, but I rarely use it these days. The only time I use it is for setting up quick admin only interfaces on my own sites.

First, you're only getting a few requests for it - you'd probably be better off working on other issues and features that affect a broader audience.

Second, it's also not going to draw many new users into the site. Lack of OpenID isn't a barrier for most people; instead, keep your registration simple and work to increase conversion in other ways.

I do think the OpenID ship has sailed, and with only a few people on board. It's a cool technology, but lets face it, no one but the tech community 'got it'.

I prefer the idea of simplifying, or removing registration altogether. The only times registration will stop me from using a site is if I don't trust them with my email/password, and if that's the case, then the site probably sucks anyway.

Make a site worth coming back to, and I don't think people mind having to login (if you have a good "remember me" feature).

I've never like the idea of OpenID. I recognize the problems it attempts to solve, but by allowing OpenID, I'm outsourcing my security to other people. What if the password to the OpenID account is compromised? That in turn could compromise all of their accounts. And how much do you trust a 3rd party OpenID provider?

I think a better solution is to just enforce a good password policy.

OpenID seems to have more traction with the non-hacker populace if expressed in terms of "Log in using your Google/Yahoo/etc account."

Suits me fine personally. I love OpenID.