Comments for OpenID Status Check: A Guide to Getting and Using Your OpenID

OpenID Usability: Two Solutions That Could Take OpenID Mainstream

2008-04-21T18:43:25Z

There's big news in the OpenID world; new solutions are hitting the market that aim to solve probably the biggest problem the paradigm faces - usability.

JanRain, owners of MyOpenID.com, and ConfidentTechnologies are both making announcements that could help make OpenID much friendlier. Confident is the half of Vidoop that serves enterprise and financial institutions.

]]> Here's a look at the two solutions being offered. What do you think? Will these help users get over the hump and easily understand how to use OpenID?

IDSelector

JanRain's new service IDSelector is a login framework that plugs into sites that already have OpenID enabled on the back-end. Just a few lines of code put a friendly interface on top of existing OpenID login.

Here's a sample below:

The idea is that users will click on the login box, be prompted to associate themselves with a certain OpenID provider and then the URL will be auto-populated so that only a username will be needed. Subsequent visits to sites using IDSelector will result in users being shown the same provider that they logged in with last time.

Website owners can determine which providers are on the drop down list for their site and which order they will appear in. The company says that if IDSelector.com goes down for any reason, the javascript simply won't register and a site's own login field will remain.

Caveats

While this is a huge improvement over the most common practices for prompting OpenID login, there are still a few problems. First, though this is "provider neutral" - it's not a decentralized service and that's one of the best things about OpenID.

Second, it doesn't work perfectly for every provider because there is still a huge maze of different implementations on the market. Yahoo! for example, doesn't want a username here in a URL - you're just supposed to click Yahoo! and then login. That takes you over to Yahoo! to provide your username there.

Some authenticating parties support OpenID 2.0 and some don't. Presumably that will change someday soon.

Finally, this is still URL centric. It's easier than just prompting people for a URL. Though some people contend that this is an easy way to tech people about signing in with a URL, others will no doubt argue that the term OpenID and URLs shouldn't be shown to users at all if this is going to go mainstream.

Confident Technology's RecoginitionAUTH™ to Power Many More Services

If you've seen consumer web OpenID provider MyVidoop's implementation of OpenID login then you've got a pretty good idea of how Confident's RecognitionAUTH works. The technology asks users to identify images that are of a type they associated their account with, instead of using a password.

Today Confident is announcing that a host of other OpenID providers are going to start using the RecognitionAUTH system to allow their users to login as well. ClaimID, Clickpass and ooTao (iNames) will all use enable their users to login using the Image Shield technology behind RecognitionAUTH.

The idea here is that users will never have to read the word OpenID, look at any URLs or otherwise get confused. The service is already in use by a number of financial institutions.

We hear that AOL is also in advanced testing with Image Shield, so the solution could spread much further even faster than it already is in the financial services sector.

Vidoop/Confident is quickly gaining momentum, branching out from their home base in Tulsa, Oklahoma to open a Portland, Oregon office. The entirely revenue-funded company hired OpenID Foundation Chair Scott Kveton and is now quietly hiring up many of the smartest geeks in town, challenging JiveSoftware for talent. Already the home of the inventor of the wiki (Ward Cunningham), the initiator of the Linux kernel (Linus Torvalds), a boatload of RSS and OpenSource-heads, Portland Oregon is also becoming a hotbed of OpenID work. In addition to Confident's office, JanRain is based in Portland as well.

Will Either of These Catch On?

There are a lot of big questions all around OpenID. It's a new paradigm with solid potential and exciting possibilities. In order to actualize all that potential, though - the front door to using OpenID needs to be more accessible. There's a wide range of providers, features and approaches. To learn more check out SpreadOpenID.org.

Both of these seem like great first steps. Which do you prefer? What would you like to see happen to make OpenID more usable for non-technical folks - or for yourself?

Comment from Kevin Fox on 2008-04-21

2008-04-21T19:40:55Z

Nice post Marshall. I think both of these announcements are positive steps forward for OpenID in terms of security and usability. I already use myVidoop (I work there) and we have integrated the IDSelector in to our affiliates program so any of our affiliates can easily generate their own selector for their site.

Will be interesting to see what other announcements come out of Web 2.0 this week....

Cheers,
Kevin

Comment from Carsten Pötter on 2008-04-21

2008-04-21T20:06:03Z

reg. IDSelector and OpenID 2.0 support or not: According to the JanRain folks there is an algorithm detecting if a relying party supports OpenID 2.0. If it doesn't support it, providers who only support OpenID 2.0 (e.g. Yahoo!) are not shown.

Comment from andrees on 2008-04-21

2008-04-21T20:15:51Z

openid isn't a concept hard to understand for mainstream users - it's just an answer to a question nobody asked. the mainstream user is only signed up to maybe 3-5 services, remembering the few passwords (often the same is used) worked well all those years. in this scenario the openid provider is not much more than an additional possible point of failure between the user and the web-service.

of course, if you are a professional tech blogger and signup to a dozen new web-services each day, i can see the need for openid.

Comment from rick gregory on 2008-04-21

2008-04-21T20:31:03Z

I agree with andrees. The problem with OpenID is that the main benefit to endusers is closely approximated simply using the same ID and password everywhere. Yes, I know the risks of this approach. I use the same userid everywhere I can and a casual password for services that don't contain personal info and a very secure password for those sites that do contain sensitive info. I've done this for 8 years... and never had an issue.

If someone uses the same ID and password everywhere the single signon benefits of OpenID aren't significant and, while ID geeks can rightly outline the other benefits of OpenID it's stuff that most people just don't care about.

Comment from Shreyas Doshi on 2008-04-21

2008-04-21T22:34:59Z

From the post above:
"Second, it doesn't work perfectly for every provider because there is still a huge maze of different implementations on the market. Yahoo! for example, doesn't want a username here in a URL - you're just supposed to click Yahoo! and then login. That takes you over to Yahoo! to provide your username there."

Marshall - I am responsible for OpenID at Yahoo!. I wanted to clarify, since its unclear from your post, that our stance on the username bit is that its not really *needed* for the Yahoo! OpenID provider. We've put a lot of thought into enabling users to use OpenID without training themselves on the technical aspects of OpenID (eg: entry of a username that appears in a URL that is supposed to represent my identity) and we think that such a strategy is critical to enable mass adoption of OpenID. Hence, I would argue - and I am obviously biased - that, due to the removal of unnecessary hurdles, this works more perfectly with the Yahoo! OpenID Provider than with some others.

Note also that the username/URL bit is only *really* required for sites that implement OpenID 1.1. OpenID 2.0, among other things, provides a significant usability improvement over 1.1 in that the user is not required to explicitly specify his OpenID URL to the Relying Party (or even know about the URL-centric nature of this technology) in order to use OpenID. We do hope that, as more large and small players offer OpenID solutions for their users, the emphasis of user interfaces moves away from the technical underpinnings of the technology to just an efficient and informed Sign-in flow for end users. To that end, adoption of OpenID 2.0 by more OpenID providers and Relying Parties would be a great step forward.

Comment from Peter on 2008-04-21

2008-04-22T00:26:37Z

good post.

the sooner OpenID dies, the better for us all.

on the picture thing - it took me 18 months to figure out what some picture was doing in my Bank of America account. i was so p*#*#@*@d off for so long. and i still can't tell you what it's doing there. it's completely meaningless and/or confusing and frustrating.

and the idea that folks want to look at a lineup of pictures to identify/authenticate themselves is pretty hilarious, especially when one looks at things like the reliability of eye-witness identification in criminal cases - we're talking like 10-20% reliability. not to mention the myriad inherent problems with such a solution - like familiarity over time of other images - the chance of someone guessing right - the amount of time it actually takes to actually log in, given that you have to scan a bunch of images and select the correct ones. i'm all for ideas, but this one is not worthy.

we need to get over this idea that there is going to be some centralized, yet de-centralized way to authenticate ourselves into the stratosphere - it probably won't happen, and we probably don't want it to happen, for myriad reasons. if we actually want to solve 'the problem' of universal logons - and i'm not sure we do (i know i have other priorities than making it easier for uncle sam to track me) - then we're gonna have to get a grip and start being a bit more realistic. even with perfect support across the board from every tech company on the planet, OpenID would still be a disaster in waiting.

Comment from Offbeatmammal on 2008-04-21

2008-04-22T05:06:36Z

I like the theory behind OpenID. It's simple, easy to use and allows me to control my profile.
Yet the implemention I use - MyOpenID.com - is a pretty horrible user experience. Some sites demand I enter the URL as an https, others http, some don't care.
Sometimes the site works, othertimes I need to use a specific browser or sacrifice a small latte to make it work.
Until the user experience improves I'll remain a gruding user, but not an advocate or evangelist for the solution.

BTW would much prefer the comments here to use something like Disqus (who do support OpenID!)

Comment from Jason on 2008-04-21

2008-04-22T05:39:10Z

I personally like the selector. We already have OpenID support built for http://www.CleverTools.com , but maybe we will implement this too.