To See How OpenID Can Work Well, Look at Stack Overflow
OpenID, the decentralized identity system that dispenses with usernames and passwords in favor of a single, portable web identity, promises to eventually change the way we log in to our favorite websites.
While OpenID holds great promise, the reality today is that users sometimes don’t understand it. It’s an entirely different experience than a traditional login, so it can be confusing, and the user experience varies radically from site to site.
OpenID is, frankly, a work in progress. But, as developer Jeff Atwood recently wrote on the Stack Overflow blog, “I would rather be part of the solution than yet another brick in the wall of the problem… even if it involves a tiny bit of short-term friction.”
Atwood goes on to give an interesting developer perspective on what it’s been like to use OpenID on Stack Overflow. Stack Overflow is an interesting case study since OpenID is the only way to create an account at the site (you can use Stack Overflow without creating an account, but there’s no way to sign up using a traditional username/password).
In other words, Atwood and company made a big bet on OpenID, and for the most part it appears to be paying off. Here are some key points for developers that Atwood pulls from Stack Overflow’s OpenID experiences:
- Google is by far the largest OpenID provider at 61% of all registered accounts.
- The change from “enter your OpenID URL” to “click the logo of the company that provides your identity” is a huge usability improvement. (I’d disagree with this one; if anything, Chris Messina’s OpenID Connect proposal seems more like the future of the OpenID UI.)
- Support for multiple OpenID providers is key, since it gives your users the ability to change OpenID identities whenever they want. This is important, as their current OpenID provider could disappear, locking them out of their account.
- The OpenID protocol itself can be implemented in unusual or incomplete ways by different providers. Atwood points to specific problems in the way Gmail handles OpenIDs, which require Stack Overflow to request your e-mail address as a kind of fingerprint for your OpenID.
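
The last two points, sketched as an added example (not Stack Overflow's code): one account holds several OpenID identifiers, and an e-mail address acts as a fallback fingerprint only when it comes from a provider the site trusts to verify it. `AccountStore`, `EMAIL_TRUSTED_PROVIDERS` and the example URLs are hypothetical, and the assertion is assumed to have already been verified by an OpenID library.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumption: providers this site trusts to return an e-mail address they verified.
EMAIL_TRUSTED_PROVIDERS = {"https://provider-a.example/"}

@dataclass
class Account:
    account_id: int
    email: Optional[str] = None          # set only from a trusted provider
    identifiers: set = field(default_factory=set)

class AccountStore:
    def __init__(self):
        self._accounts, self._by_identifier = {}, {}

    def link(self, acct, identifier):
        # One identifier maps to exactly one account.
        if self._by_identifier.get(identifier, acct.account_id) != acct.account_id:
            raise ValueError("identifier already linked to another account")
        self._by_identifier[identifier] = acct.account_id
        acct.identifiers.add(identifier)

    def unlink(self, acct, identifier):
        if identifier not in acct.identifiers:
            raise KeyError(identifier)
        if len(acct.identifiers) == 1:
            raise ValueError("refusing to remove the last identity (lockout)")
        acct.identifiers.remove(identifier)
        del self._by_identifier[identifier]

    def login(self, provider, identifier, email=None):
        """Map an already-verified OpenID assertion to an account."""
        if identifier in self._by_identifier:
            return self._accounts[self._by_identifier[identifier]]
        # An e-mail from an untrusted provider is never stored or matched on.
        trusted = email.strip().lower() if email and provider in EMAIL_TRUSTED_PROVIDERS else None
        # Fingerprint fallback: new identifier, but a trusted provider vouches for the e-mail.
        acct = next((a for a in self._accounts.values() if trusted and a.email == trusted), None)
        if acct is None:
            acct = Account(len(self._accounts) + 1, trusted)
            self._accounts[acct.account_id] = acct
        self.link(acct, identifier)
        return acct
```
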
The Stack Overflow crew seems to be happy with its OpenID-only account system. It’s worth noting that Stack Overflow obviously attracts users with a higher-than-average tech savviness, but the lessons Atwood details are relevant even if OpenID is only one of your site’s many sign-in methods.