Imagine a much friendlier internet, one where you only have to remember one password. A place where it’s easy to keep a tight grip on your personal contact information, deciding which websites have access to it and how much they’re allowed to know about you.
This is the internet we are fast approaching, and OpenID is the central piece of technology that will make it possible. Instead of creating a separate user account, each with its own login and password, for each site you visit, OpenID lets you log in to your favorite website using only your e-mail address or a URL — your blog’s address or your profile page on a social network. Using one of those identifiers, you can log in anywhere on the internet where OpenID is welcome. This saves you the trouble of having to keep track of dozens of accounts and passwords.
Most of us have amassed long lists of separate logins for various websites, so it’s an idea that couldn’t have arrived at a better time. The only problem is, OpenID presents such a big change from the current method of signing into websites, users remain perplexed at how to take advantage of it.
“We’ve spent ten years teaching you to go through a form element, enter your password and go through a registration walkthrough,” says Dan Harrelson of the web design firm Adaptive Path. “OpenID tries to walk away from that burden, from multiple accounts and passwords and all of that stuff. Users have to relearn how to log in.”
For a long time, OpenID was a fringe technology, and few large players supported it. In January 2008, Yahoo and AOL were the first major destination sites to host OpenID accounts. In October, other big names like Google, MySpace, Plaxo, and Microsoft joined as unlikely allies in support of OpenID, bringing the single sign-on account technology to critical mass.
All of a sudden, widespread OpenID adoption is closer than ever. However, the usability problem has engineers and design experts scratching their heads. While the typical internet user probably already has an OpenID account tied to their Google account, AOL name or Yahoo ID, they still don’t know how to use it.
Recent user experience studies by Yahoo and Google showed typical internet users were absolutely befuddled by the OpenID login process. When given the option to log in with a Yahoo or Google account, the user would typically overlook the OpenID options and instead enter their Gmail or Yahoo Mail login and password. The reports concluded users have relied so heavily on a login and password to secure their data for so long, it would take a major re-training effort to change this behavior.
At a recent meeting between OpenID providers and major news outlets in New York, news websites like Forbes.com and the BBC were asked what they perceived as OpenID’s biggest problems. Google’s Eric Sachs, who represented his company at the meeting, says the OpenID providers collected some valuable pieces of feedback.
“The first was that the user interface that the identity providers had was too complex,” Sachs says. “The second thing that those websites said was ‘Hey, we have a very large installed base of users who already log in to us with an e-mail address. We need to provide some user-friendly way to potentially transition them to (OpenID).’”
(Read the full transcript of Webmonkey’s interview with Eric Sachs.)
The “user-friendly” problem is one that has OpenID providers scrambling.
Google and Yahoo are both attempting to retrain users’ login behavior. Yahoo has reduced the number of steps to log in from 12 to two. Google has replaced OpenID’s cryptic URL-based login with one that uses an e-mail address. Both of these methods require the user to “bounce” over to Google or Yahoo for authorization before returning to the site they’re trying to access.
Adaptive Path’s Harrelson doubts this strategy will address user’s concerns or confusion, citing the lack of security a user feels as he is bounced from one site to another and back again.
“(It’s) jarring to be at site X and now I’m at site Y,” he says. “How did I get here and how do I get out of here?”
Plaxo vice president of marketing John McCrea, an OpenID proponent who co-hosts a weekly podcast about open web technologies, trumpets Facebook Connect as where OpenID is headed.
“Where we want to get to is an experience that is materially similar to what we see in Facebook Connect today,” McCrea says. “To do that, we really need just a few people who are product design savvy and aware of what the technology can do to sit down, mock it up, and get a general agreement and then go forward. So there are a few things that have to get nailed down, but the general direction is quite clear.”
Representatives from Plaxo, Yahoo, MySpace, Google and Microsoft have considerable resources to spend on this issue. It’s why all of them joined an OpenID user experience working group in October. Surprisingly, Facebook attended the meet-up as well, showing off Facebook Connect’s slick interface.
So, Facebook is on board the OpenID train, but why? If Facebook really has the problem solved with Facebook Connect, why should it bother helping OpenID, a potential competitor?
Joseph Smarr, Plaxo’s chief platform architect and another of OpenID’s most active supporters, credits the collective vision of both projects.
“It’s common to see innovation in a closed ecosystem happen a little bit faster than in the open because you can control it all yourself,” he says. “Of course, when things open up you get so much more collective innovation that it quickly outstrips any one person who attempts to do it all themselves no matter how talented they are.”
“Facebook gets that. I think Facebook sees the web going social. You’re going to have to take your account and your friends with you across the web. I think they are so excited about that vision that they want to get started right away and so they built their own version of it, but they want to make sure that they are able to play in OpenID’s developing ecosystem, too.”
(Read the full transcript of Webmonkey’s interview with Joseph Smarr and John McCrea.)
With all the major providers working aggressively to refine the OpenID experience, progress is skyrocketing. According to Plaxo’s John McCrea, it’s time website owners far and wide hurry up and join the party.
“If it hasn’t been clear until now, it should now be obvious that the curve is accelerating. Now is the time to think ‘How do I become an OpenID partner? How do I take advantage of the biggest sea change since the birth of the web?’”
Facebook failed to respond to interview requests for this story.