Ask HN: Thoughts on OpenID?
12 points by aichcon on May 18, 2009 | 11 comments
Do you think OpenID is a good choice for user management if you were launching a new site today? Or is it still too confusing a concept for an average audience?

I'm not sure - as a user registering on a new site, I think I would prefer it so I could have one less username / password to worry about. On the other hand, I fear that users' current mental model of registering for a site may scare them from using something like OpenID.



I think that OpenID is too confusing, until presented well to the user. I'd include a short piece of text on your registration/login page about OpenID - and make it clear to the user that they probably already use an OpenID-enabled service (such as Google Accounts or Yahoo! which actually tell you now). Try to present it as a way to speed up registration - fewer fields etc.

Right now, I'd still use a classical registration system, but show off OpenID as an alternative system and allow existing registrations to link OpenIDs. I still view it as an alternative, rather than a replacement.


Good point. Don't sell the security. Focus on ease-of-use.


Coming from a security background, I think there's something intrinsically wrong with that type of authentication system.

I like to use 1Password: a different, complicated, virtually uncrackable password on every site I use.


How do you log in if you are away from your mac though? Is there a web interface to 1Password?


I've actually wondered that myself, but I never find myself away from my Mac.


Yes, there is a way to look up passwords through the web interface. 1Password automatically generates an encrypted web page that can be opened on Windows or Linux.


A unique password for each site. One password to remember.

Sounds like PwdHash.


Sounds like SuperGenPass, too.

  http://supergenpass.com/


I agree with Zarathu. Most people aren't responsible with their passwords, and OpenID solves those problems. But the people who are using OpenID right now are probably the same people who would be better off managing their own passwords.


I don't think it's reached the point where it should be the only authentication system offered by any service.

I think it's still very confusing to the average joe, but if you stressed something like "login with your google account", with an easy button to use the Google OpenID provider to authenticate, it might make it easier for the average joe to understand. Something similar to http://www.postrank.com/login would probably be effective with most average users, IMO.


biggest issue i see is that initial effort hump required of new users. the more difficult it is to create a new account, the fewer people will tend to do it. i'd compare it to the Stanford marshmallow test.



