OpenID is a mess

Posted on Jul 22, 2008 in Opinions, The web, UI Design

OpenID seems like a nice idea to simplify logins and profiles on the web. The promise: Create an account with one OpenID-enabled service such as Yahoo, WordPress or others and then you’ll be able to sign in to other OpenID-enabled services.

The reality? OpenID still has some way to go before really becoming seamless enough for the average user to use it. Most of the issues lie with the sites implementing OpenID, but from what I can see they’re pretty systemic Here’s my OpenID experience:

1st attempt: Using my wordpress account to sign up for Skribit

So I decided to sign up to Skribit. They offer OpenID support, so I decided to try that, rather than create a traditional account. First of all you’re asked for your OpenID url. If you don’t know what that is, tough luck. There’s no link with more information on what your url could look like or how you can get one. 

Frustrated, I figure I’ll go to OpenID.org to find out more. OpenID.org looks like a cross between a phishing site and 1996:

I assume they’re not affiliated with the official project, so instead I head over to OpenID.net, which turns out to be a lot more helpful. There I learned I can sign in with the url “username.wordpress.com”. Great! I enter in my username and am greeted with a page telling me I need to log into WordPress.com first and warning me about possible phishing attacks:

But at WordPress.com, it turns out I am signed in already. For whatever reason, OpenID is just not seeing that.

 

2nd attempt: Yahoo

Giving up on WordPress, I decide to try using my Yahoo / Flickr account instead. At Yahoo’s OpenID page, I am giving the option of using my “unique identifier”:

“To make things easy, we have generated this identifier for you:

https://me.yahoo.com/a/*******************************************”

(And yes, those * are all random letters)

Luckily Yahoo also lets you pick a short memorable url to use instead of your identifier. They helpfully suggest 2 automatically, the first being your Flickr url (http://www.flickr.com/photos/munichmessages – hardly quicker to type than a username) and the second suggestion is this gem, which they also helpfully advise against using:

However I was finally able to use my flickr url to sign into Skribit and set-up an account.

Conclusion

All of these issues are not necessarily OpenID’s fault, but isn’t the whole idea behind the system to make logins simple and easy? I can definitely see the advantages and look forward to using the system myself, but there’s no way this is going to go mainstream unless they can significantly streamline the entire process across all the different providers. 

Suggestions

  • Make openid.webservice.com a mandatory page that all OpenID services need to offer, including additional information on how to use the service and links to other providers.
     
  • Force any login areas to link to their openid.webservice.com page so users can figure out what it is they need to do. 
     
  • Make www.webservice.com/username a mandatory OpenID login that providers must offer.

 

This is a great idea that needs some work if it’s ever going to receive widespread adoption. In its current state, I think Yahoo sums it up best:

 

2 Comments

  1. I found this post just after I revamped how we handle OpenID for Skribit – it’s now largely powered by Clickpass (you’ll see these changes in a few weeks). They seem to do the best job in handling OpenID in terms of user experience – it can be as simple as a click of a button to login.

    I recently switched my blog from a self-hosted one to WP.com and am also seeing that login problem, which is very annoying. Fortunately, Basecamp has done a great job with their OpenID implementation, giving the option to email you user/pass in case your OpenID doesn’t work.

  2. Hi Calvin!

    Thanks for responding! I hope I didn’t make it seem as though I was only attacking Skritbit on these issues. I think the issue is that OpenID needs to “oversee” the implementation of their system a bit more and perhaps give clearer guidelines.

    I’ll definitely take another look at Skribit’s new OpenID implementation when it goes live!