Do you think OpenID is a good choice for user management if you were launching a new site today? Or is it still too confusing a concept for an average audience?<p>I'm not sure - as a user registering on a new site, I think I would prefer it so I could have one less username / password to worry about. On the other hand, I fear that users' current mental model of registering for a site may scare them from using something like OpenID.
I think that OpenID is too confusing, until presented well to the user. I'd include a short piece of text on yuor registration/login page about OpenID - and make it clear to the user that they probably already use an OpenID-enabled service (such as Google Accounts or Yahoo! which actually tell you now). Try to present it as a way to speed up registration - less fields etc.<p>Right now, I'd still use a classical registration system, but show off OpenID as an alternative system and allow existing registrations to link OpenIDs. I still view it as an alternative, rather than a replacement.
Coming from a security background, I think there's something intrinsically wrong with that type of authentication system.<p>I like to use 1Password: a different, complicated, virtually uncrackable password on every site I use.
I don't think it's reached the point where it should be the only authentication system offered by any service.<p>I think it's still very confusing to the average joe, but if you stressed something like "login with your google account", with an easy button to use the Google OpenID provider to authenticate, it might make it easier for the average joe to understand. Something similar to <a href="http://www.postrank.com/login" rel="nofollow">http://www.postrank.com/login</a> would probably be effective with most average users, IMO.
biggest issue i see is that initial effort hump required of new users. the more difficult it is to create a new account, the fewer people will tend to do it. i'd compare it to the standford marshmallow test.