Ask YC: Who uses OpenID?

I think it's important not to confuse OAuth with OpenID. I think OAuth might be very useful indeed, and I'd like to see it succeed. Tying it to the Titanic will not help.<p>I have finally found one clear use case for OpenID: sending out login passwords to newly hired consultants without using cleartext email. Of course, this isn't the kind of killer app that will make OpenID a household word.<p>Among other things, OpenID is: confusing even to geeks, not especially secure, not solving a particularly important problem, an open-ended set of external dependencies on provider code that you do not control, very poorly branded (because, you know, everyone <i>loves</i> having their ID checked), poorly marketed, and often assumed to be something it isn't.<p>From a site developer's standpoint, OpenID solves the wrong problem. Nobody is avoiding your site because they have to remember a password. That requirement hasn't killed eBay, Gmail, Amazon, PayPal, Facebook, Plentyoffish, HotOrNot, news.yc, or any other site in history. Frankly, if people are avoiding your site, it's probably <i>because it sucks</i>. Spend your time making your site suck less.<p>A good way to make your site suck less is to eliminate the need for signups at all, to delay that need as long as possible, or to get the user so excited about the site that they barely notice the signup process. OpenID doesn't do these things. The problem with signups is not the typing, remembering the passwords, or even securing the passwords -- it's the <i>mental overhead</i> associated with deciding whether or not you want another relationship in your life. Can you trust this new site? Will it waste your time? Will it spam you? Will it hit you up for money, forcing you to feel embarassed as you say no over and over? Will your friends find out that you signed up on the site? Will the site plaster your Amazon purchase history all over the open Internet?<p>Signing up for a site is exactly like making a new friend, and if you think it would be great to automatically be friends with everybody in the world, find a recent multimillion-dollar lottery winner and ask them what that's like. Managing your relationships takes thought, attention, and judgement. Nobody's automated that yet.

As open social will gain more popularity these kind of solutions will be necessary. OpenID is for your users, OAuth is for other sites and services you wish to communicate with, and DataPortability is for the whole thing being portable from one service to another. I don't believe the world will remain in the chaos it is at this moment and a unified open-standardized platform will be a must. Don't look who don't, be a pioneer and implement it. The major players will follow.

I've got an OpenID account but have rarely used it, probably because there are few places to actually use it.

I've implemented it, and I use it on a handful of sites that support it (various blogs, Highrise, BlinkSale).

From what my friends have experienced with their sites, I'd say you're better off with putting your time in doing something else. OpenID is LONG way off from becoming mainstream. On consumer sites, it's RARELY used, unfortunately.

I don't have any plans to ever support it. I think it's an ill-conceived system that teaches users to fall prey to identity theft.

I use OpenID and it's frustrating that websites don't accept it. On this website, for example, I was forced to use BugMeNot. Why? I don't like being forced into this position.