Yet Another Sign Up (Why Isn't Open ID More Popular By Now?)

It's common knowledge now that OpenID has severe usability problems. As much as I wanted it to work, none of my apps' visitors (hell, back in 2006) could understand what it was or how to use it.<p>BrowserID, however, has now fixed most of these issues, and it's <i>very</i> straightforward to use. To try it out, you can have a look at <a href="http://www.yourpane.com/" rel="nofollow">http://www.yourpane.com/</a>

And why <i>wouldn't</i> I prefer to have a set of fully independent, unlinked accounts at different sites?<p>If I understand correctly, using OpenID means that Site A can confirm that User X is the same as User X on Site B, using OpenID?<p>I can see where that's a win for sites A &#38; B. I can also see many instances where that is <i>not</i> a win for me.

Take this as a few bitter words from an "grumpy OpenID early adopter":<p>* because the user experience really requires you to have the "nascar effect" of several well-known icons. OpenID could scale horizontally technically but in fact it doesn't work that way. Except for a few providers (like Google) it is not "peer to peer" (many to many) but more like "business to customers" (one to many) relation<p>* because the "like"-generation beloved blue button talks something else (and is "way more important" than some technical nice thing)<p>* because it requires putting too many eggs in one basket (one ID to rule them all. And even "the few big ones" are these days hacked without problems)<p>* because your database of users is your asset (at least in the US). In EU it is more often a liability. * As this is an asset, nobody wants to <i>pay</i> anything for a secure identity as a TTP service.<p>* because it forbids "sensible" use on mobile devices (I have a phone and a PC, I would like to link my phone(s) to my services through numbers rather than on-phone cumbersome username or openid hack)<p>* pairing with a QR code works well for me. It even allows to establish a more meaningful key for further communication (I check the "green bar" of the browser than the underlying, semi-anonymous, DNS-depending OpenID)<p>* because OpenID does not really work for anything than medium-security <i>identification</i> transport. I hope my bank will never use an OpenID to authenticate anything.<p>* just try a new service with a throwaway account. or a throwaway password. Maybe one day people build services, which do <i>not</i> require pairing to "something" at all. Or Just use "click-the-link-in-e-mail-or-copy-token" approach.

At OpenRent [1], we use the google identity toolkit [2] and whilst it has a few quirks and bugs, it's been received fairly well by even our non-tech crowd. It uses email providers as identity providers - and is only as intrusive as inputting your email into a traditional log in box, just with much less friction, and without the requirement to remember another password!<p>I'm surprised it's not seen bigger adoption in the start-up crowd, but I guess it was slightly more work and isn't quite in-line with the MVP culture.<p>It also places a reliance on a third party - but in this case I expect good reliability from Google, and have a fallback option in place (both for availability, and to support older browsers).<p>[1] - <a href="http://www.openrent.co.uk" rel="nofollow">http://www.openrent.co.uk</a><p>[2] - <a href="https://developers.google.com/identity-toolkit/" rel="nofollow">https://developers.google.com/identity-toolkit/</a>

"It boggles my mind that this is apparently a big question for techies and, to me, is a perfect example of the Silicon Valley mindset that doesn't understand how to build products that real people want to use.<p>"The short answer is that OpenID is the worst possible 'solution' I have ever seen in my entire life to a problem that most people don't really have. That's what's 'wrong' with it."<p><a href="http://www.quora.com/OpenID/What-s-wrong-with-OpenID/answer/Yishan-Wong" rel="nofollow">http://www.quora.com/OpenID/What-s-wrong-with-OpenID/answer/...</a><p>The real question is why these guys didn't let you signup with Facebook.

The reason you dont see it mainstream is because for someone like my mom its too difficult to understand. She does however understand "Login with Facebook/Google/Twitter" because it is simple, one click, approve permissions and done. Anything more is just a hassle for them to remember and they will fallback to email/password instead.

There's no way to make everyone happy, but pretty much all the options suck. Setting up yet another account sucks. OpenID sucks because nobody intuitively understands it. My login is a URL?? WTF? Facebook/Google/whatever login sucks because some people don't have it and some people who have it don't trust it.<p>I don't have any answers.

BrowserId is another option that I'm rather fond of.