

Is OpenID Too Confusing? - qhoxie
http://lifehacker.com/5064261/is-openid-too-confusing

======
jmatt
Yes, OpenID is too confusing.

This was a huge complaint I had during the stackoverflow beta. Those that are
believers in OpenID are zealots. They won't change their opinions no matter
how much the general populace hates on it. They likely are public figures
(with URL related to their personas - like a website or blog). In this case
OpenIDs work beautifully. It's the rest of us that have trouble.

I currently have 4+ OpenIDs and I can never remember URLs or usernames. It
inevitably involves me going to my second gmail account and searching for
OpenID. Then I choose randomly one of the OpenIDs that show up in the search
and use it. That or I end up creating yet another OpenID. So now I spend my
time managing OpenIDs instead of user accounts. To me an even bigger waste of
time. Meta-account management. And god forbid you start forwarding or
attaching one OpenID to another one... that'll REALLY hose things with
whichever account you are logging in as. Sites rarely allow the user to tie
all those IDs together to a single account - which would at least simplify
things a bit. To me this is wayyyy too complicated for average end users.
Maybe if it were designed into everyone's web-email accounts and things could
be managed there. I've attempted using the Yahoo OpenID and always run into
problems with that too.

When I've asked my tech-savvy non-developer friends - none of them even know
what it is. I've rarely heard positive feedback outside of people in the tech
industry. But then again I haven't gone looking for it.

The compromise between being decentralized and centralized in my opinion is
what causes so many problems. There is no one place to go get an openid (try
explaining that to the average user). There is no standardized way to get one
(every third party site is a little different). And it adds an extra level of
indirection - with no perceived benefits to the end user. There are a lot of
benefits but none that the end user readily cares about.

An interesting article on OpenID from Jeff Atwood:
<http://www.codinghorror.com/blog/archives/001121.html>

I attempted to find the uservoice thread about OpenID in stackoverflow but
it's been deleted:
[http://discuss.joelonsoftware.com/default.asp?joel.3.685860....](http://discuss.joelonsoftware.com/default.asp?joel.3.685860.18)

~~~
Lagged2Death
"I currently have 4+ OpenIDs..."

I'm not surprised it isn't working so well for you, in that case.

I think some of the centralization/privacy concerns related to OpenID sound
like valid points to debate and discuss.

But saying you have _too many_ OpenIDs and that managing them has become a
pain is like complaining that you can't remember which of the four wallets
you're carrying has your credit card in it, and concluding that wallets suck.

~~~
jmatt
Ya I agree that is one of the problems. But since it's so decentralized and
just finding your existing OpenID account can be difficult - it is still a
problem. Part of the problem was having multiple emails and multiple types of
OpenIDs (Work, Coding and Personal). Add to that - switching web email
accounts midway through - and I ended up with multiple accounts.

If I could cut back to just one or two accounts I would. But I've found the
management tools lacking both on the client website and OpenID side of things.

------
axod
It's not just confusing - which it is - it's not needed.

It doesn't solve a problem for the average user.

------
fallentimes
It's a classic case of sounds awesome & amazing to techies but utterly
worthless to Johnny Q. Public.

------
lallysingh
I guess I'm alone here. I'm pretty tired of 30+ login names and passwords. If
I use the same one for all, then any single breach hits all 30+ sites.

They should just give it a better name, like Internet-Wide Identity. OpenID is
an implementation (centered) name, not a user (centered) name.

~~~
ricree
I'm another huge fan of OpenID, but after being the only one arguing for it
the last couple of times it came up, I've gotten sick of speaking up for it.

Personally, I would love it if almost every site out there would let me log in
with an openID. I'm apparently in the minority here, but I'm sick of having to
make a new account every time I want to check out some site or forum that
looks like it might be interesting.

While there are issues in the implementation, I am very much unconvinced that
there is anything particularly more difficult about the concept than that of
current logins.

When I ran non techie friends through it, the biggest complaint was usually
that there were too many different screens they had to click through, and
there was some confusion about where to go to get an openID, but as far as I
can see these are all things that can be improved without sacrificing the core
concept of OpenID.

------
t0pj
The problem(s) with OpenID

<http://idcorner.org/2007/08/22/the-problems-with-openid/>

~~~
wmf
That's FUD to sell Credentica, and many of those problems cannot be fixed if
you assume an unmodified Web browser.

~~~
ajross
And yet they remain problems that are unsolved. The phishing one in particular
(send the user to a fake login page that just facades the real one and steals
the password) is a showstopper all by itself.

So while it's true that (short of doing stuff like RSA & PKI in Javascript)
you can't fix these problems with browsers as they exist today, that doesn't
mean that a solution that _ignores_ the problems is a good idea.

~~~
sapphirecat
> (short of doing stuff like RSA & PKI in Javascript)

The only thing that I can see which would actually help, without breaking the
"install nothing" goal of OpenID or making the existing usage path any more
difficult, is to build some sort of OpenIDRequest object into browsers. And
you'd want to design an unspoofable credential request window to go with it.

------
raghus
When I join a Google Group, Google asks me "What nickname do you want people
in this group to see?". I pick something and I'm in. End of story.

Why can't I do this with every other site? I'd like to be able to go to
foobar.com, click on Register and be taken to a Google page where Google says
"What nickname do you want foobar.com to see?". The default is my gmail
username but I can change it. I'm in. Foobar doesn't see my email address or a
password or my address book contacts or anything else. Can people poke holes
in this suggestion?

I think Joe the Plumber would love such a scheme.

~~~
jfarmer
When OpenID people say they're "solving a problem" what they really mean is
"we're solving a problem inasmuch as it advances our agenda."

Things like Google and Facebook are so ubiquitous as to be effectively
universal, but OpenID people object to using them as an authentication
mechanism on ideological grounds.

They'd rather have a pure solution tomorrow than a good solution today.

------
maxklein
Yes.

~~~
ig1
Yes again. OpenID still confuses the hell out of me.

And I'm saying that as someone who was semi-active participant in the early
design stages of OpenID.

~~~
kylec
Seeing as you were a participant in the design of OpenID I must ask - what
happened? Why is OpenID so awkward and confusing? Why URLs instead of email
addresses or something else people already have?

~~~
maxklein
Design by consensus. Most true breakthroughs have been created by a single
person.

------
wmf
"the users tried to log in using the site’s main login, rather than the OpenID
login. Users don’t understand multiple ways to log in"

There's the first problem. If your site only accepts OpenID you won't have
that problem.

Also, I don't know of a single site that is using an ID selector with history
sniffing, which should be a much better UI.

------
pstinnett
I think this is interesting and definitely something to discuss. The whole
idea of having a username/password for a service that can be used across
several services is kind of abstract. I could see this being confusing to the
non-tech public, because at times it's confusing to me.

------
asjo
I don't think it is - I implemented my own private OpenID-provider in a
130-line Mason component (using Net::OpenID::Server) in a couple of hours, and
I like very much not having to create accounts everywhere, and only sending a
login/password combination to my own server.

Using and trusting some existing OpenID-provider would be a bigger leap for me
- the fact that it is possible, and not terribly complicated, to create and
run your own is a big plus in my book.

------
coffeeaddicted
My problem is rather that I don't trust it enough. Maybe because I don't
understand good enough how it works. But by keeping passwords to myself and
using different passwords and usernames for different sites I don't have to
trust anyone beside myself to keep that data safe. And also I have no trouble
creating as much identities as I want to have.

------
qhoxie
The concept is less confusing than multiple sign ons for a lot of people, but
the execution of it is not always clear. Things like redirection for logins
definitely throw users off track.

------
sh3l1
I used OpenID to sign up here. It was quick, painless and easy. I don't
understand why anyone would have trouble with it.

------
jcapote
Nope. Myopenid.com; I don't know what all the fuss is about...

