views:

989

answers:

13

Does OpenID improve the user experience?

Edit

Not to detract from the other comments, but I got one really good reply below that outlined 3 advantages of OpenID in a rational bottom line kind of way. I've also heard some whisperings in other comments that you can get access to some details on the user through OpenID (name? email? what?) and that using that it might even be able to simplify the registration process by not needing to gather as much information.

Things that definitely need to be gathered in a checkout process:

  • Full name
  • Email

(I'm pretty sure I'll have to ask for these myself)

  • Billing address
  • Shipping address
  • Credit card info

There may be a few other things that are interesting from a marketing point of view, but I wouldn't ask the user to manually enter anything not absolutely required during the checkout process. So what's possible in this regard?

/Edit

(You may have noticed stackoverflow uses OpenID)

It seems to me it is easier and faster for the user to simply enter a username and password in a signup form they have to go through anyway. I mean you don't avoid entering a username and password either with OpenID. But you avoid the confusion of choosing a OpenID provider, and the trip out to and back from and external site.

With Microsoft making Live ID an OpenID provider (More Info), bringing on several hundred million additional accounts to those provided by Google, Yahoo, and others, this question is more important than ever.

I have to require new customers to sign up during the checkout process, and it is absolutely critical that the experience be as easy and smooth as possible, every little bit harder it becomes translates into lost sales. No geek factor outweighs cold hard cash at the end of the day :)

OpenID seems like a nice idea, but the implementation is of questionable value. What are the advantages of OpenID and is it really worth it in my scenario described above?

+9  A: 

It seems to me it is easier and faster for the user to simply enter a username and password in a signup form they have to go through anyway.

I think, on the contrary, that often it's easier and less of a hassle if the user can login with his existing OpenID, instead of creating separate credentials for every site. (Isn't that the main point about it.)

Jonik
I frequently use the same credentials everywhere (if the username was available at Microsoft or Google, odds are it is everywhere else I go too.) And I can do that without ever leaving the sign-up page. So if that's the main point of OpenID, then it doesn't have much point at all does it?
Eloff
I think he was referring to the case where the user has no existing OpenID (and must sign up either way)
Cameron
@Eloff, I've done that too, and one additional point is related to exactly that: Using the same credentials (name *and* password) all over the place is a security risk. If some poorly administered forum gets cracked, an attacker might gain your credentials for many sites. (I don't know if you meant using the same password too, but in general people certainly do that a *lot* — for the simple reason that having to come up with new passwords for every damn site that requires registration is too much of a hassle!)
Jonik
@Cameron, who these days doesn't at least have either a yahoo or google account? Those two right there make up at least 90% of the internet.
nbv4
@Jonik: But the same could be said about your email password on a non-OpenID website. If someone gets your email password, they can use the "I forgot my password" links on websites that you visit and reset your password. So OpenID by itself does not pose any new security risk.
musicfreak
@Jonik I'm sure 90% of people just reuse the same username/password everywhere. In fact they probably often give their email along with their email password everywhere. Yes, security nightmare. But from a business point of view, it's a pretty smooth signup experience...
Eloff
@Eloff, security nightmare but smooth, agreed. Now, then, doesn't all this make a pretty good additional case for OpenID? :) (To be honest, I'm not familiar with its implementation details, but I assume OpenID is much less of a risk than reusing same non-OpenID credentials everywhere.)
Jonik
@musicfreak, I think you misunderstood my comment; I wasn't claiming OpenID poses new risks, on the contrary, I tried to argue in favour of OpenID based on security concerns.
Jonik
+2  A: 

It's great not having to make too many user accounts all around. All those passwords.... then again, I far prefer a solution like 1Password for the Mac. OpenID is better for sites I'll return to than a separate username, though

niklassaers
+4  A: 

Well the promise of OpenID is a single sign on for multiple websites. The issue is that it's still pretty obscure from a mass-market perspective. I personally would not implement it in a broad customer-facing application just yet.

MattC
Well, in my opinion you should implement it as much as you can. It won't become mainstream if everyone is afraid to use it in their app because it's not mainstream.
Robert Rouse
Somebody has to, and broad customer-facing companies need to be the ones who lead the way!
Dan Atkinson
You guys are thinking like programmers, not like business people. Business people need an actual advantage to use a technology.
Eloff
Exactly, he needs to have a reason to do it that makes sense.
MattC
@Eloff, you're on the wrong website. You will primarily find programmers here.
Nick Presta
We're programmers but some of us are business savvy as well ;)
MattC
@Nick you really think I can ask business people about OpenID? There's a reason I'm here asking programmers.
Eloff
+1  A: 

I would agree with you that ease of use for your users is something to heavily consider. Your audience is another thing to consider. As OpenID becomes more accepted this will be less and less of an issue. If you are working on a project where you know the majority of your users will not even know what OpenID is then perhaps you should steer away from it.

Stackoverflow was my first intro into OpenID and I'm a geek.... I created the account after avoiding it for a few days and reading up on it. I finally jumped in but I would venture to say non-geek types would perhaps not. Now, I love the idea and would love to see it everywhere also.

If you can do both your own and OpenID, offer both. I think that would be the best of both worlds. You could point users to the goodness of OpenID but still let them go the other way. If you see a high adoption rate with OpenID you could eventually only offer it.

klabranche
I'm loathe to distract the user with more options than absolutely required during the checkout process. Perhaps adding OpenID support for existing accounts only, accessible from somewhere else would work, but doesn't seem like a high priority to me.
Eloff
True. That is definitely a part of what should be considered.
klabranche
+2  A: 

In my latest application I give the users a choice. I think if you do offer OpenID it should be optional and the fact that it's optional needs be very clear to your users. I tested my signup with "average" users and they were very hesitant to sign in with their Yahoo, Facebook, Google, or what have you.

For users that do want to use OpenID, do it right. If there is additional information that your site requires and you can pull that info in along with their authentication token then do it.

Andy Gaskell
+17  A: 

What I like most about OpenID is that it doesn't feel like I'm creating an account at all. It's more like I already have an account for the entire Web, and StackOverflow is taking notice of it when I log in. I'm really tired of having to create a new "identity" on every site I run across because they want to have a bigger user count.

I also like that sites that (only) use OpenID tend to make the whole account experience more flexible: no email confirmation required, no enforced-unique usernames, use of Gravatar, etc. The upside is that there is no registration; I just log in like I was already here.

Eevee
+1. Well put; it does feel like that ("account for the entire Web")
Jonik
+4  A: 

Maybe it isn't worth the effort on the large scale (yet), but I am very reluctant when it comes to registering on the sites that do not support OpenID: coming up with yet another password, confirming email (which, sometimes, involves waiting for the email), etc. They basically lose me as a user unless I really have a good reason to register there.

But also keep in mind that OpenID is not only about single sign-on, it's the way to maintain your identity, to prove that you are who you claim to be. OpenID sign-on is great, but the ability to perform action on the site on your own behalf (e.g. leave a comment) without registering is even more important.

Michael Krelin - hacker
+23  A: 

I respect your need for a business reason to use OpenID rather than a tech-geeky reason. So here it is:

Reason #1

OpenID is way easier than username+password. "Oh no", I hear the responses now, "OpenID is confusing and scary for users. They'll run away." That's why you don't tell the user it's OpenID. Just offer Yahoo and Google buttons and say "use an account you already have" or something to that effect. Users will love you. Underneath you're using OpenID, but don't advertise the fact, and perhaps don't even offer an OpenID text field, until OpenID becomes more mainstream.

A strong majority of users are already logged into Yahoo or Google, so "Click here to log in using your Google/Yahoo account" buttons will mean it's faster and easier for your customers -> more sales.

Reason #2

Do it for your customers, even if they're not asking for OpenID. OpenID is more secure than username+password, since your customers won't be reusing the same username+password on your site as all their other sites. It's bad security to reuse username+password across web sites, but that's what users do. Using OpenID (without telling them) to get them to reuse their existing [pick your small list of major OPs here] accounts will mitigate this and give your users added security. If your site is hacked, their credentials won't be stolen. And if other sites your customers have accounts with are hacked, there's a good chance your customers account with you won't be compromised.

Reason #3

Fewer support calls and web pages to support users who forgot their passwords.

Andrew Arnott
For people who don't know what OpenID is, and you just show a Google or Yahoo button, they will run away because they will think you are stealing their account user name and passwords.
Martin
Martin, perhaps a few people would. Many people who log into web sites that accept an "email address" for a username and a password not only reuse the same password across sites, but use their email password for it. Most people don't even know what it means to be phished, let alone when it's happening. It's sad, but the truth. Those that know tend to be able to look at the Location bar and see that they're indeed sending to yahoo.com. Remember that OpenID didn't introduce "Login with Yahoo!". That button's been around for a long time.
Andrew Arnott
Finally someone who presents a good argument for using OpenID on an e-commerce website! You are swaying me.
Eloff
Excellent answer. #2 is exactly the point I tried to make in comments to my answer, just presented more clearly. :) And nice, outside-the-box thinking in #1 and #3.
Jonik
@Jonik: yes, #2 is the same point you made. And you are right on the money. But saving people from their own bad security habits is hardly the goal of an e-commerce site.
Eloff
Eloff, well I'd say maintaining your customers online security is within the interest of an e-commerce site at least insofar as it protects the site from purchases made by identity thieves, resulting in the merchant having to not be reimbursed by the credit card companies.
Andrew Arnott
+1  A: 

Always keep things consistent. OpenID is still in infancy and non-existent to most casual users. It will confuse users who are not familiar with it and they may even end up thinking that they're opting to 'Open' their IDs to the general public.

You can optionally embed a unobtrusive link on the sign up saying "Have an Open ID?". This way you, those familiar with it know to use it, those who aren't simply ignore it.

gAMBOOKa
YES! This is what I was going to write.
Martin
Currently, probably less than 1% of people might click that "Have an Open ID" link, making it a waste of time. I like the idea, but it's not practical.
Eloff
+1  A: 

I have been finding more and more that if I'm required to pick a username, and my preferred one is already taken, I'll simply leave the site. At least one company has lost a sale this way, and I refuse to join Twitter. On the other hand, sites that use your email address as a username don't have quite the same problem. For me, it's a different problem: Which address did I give them?

The good news about OpenID is that a few major sites have found a way to make it easy for new users to figure out what's going on, by listing the icons of a few sites where they're likely to have accounts. Whether your average user will trust that method is still in question, though.

eswald
I'm sorry, but you might be 1 in 100,000+ people who do this. If I really want something, and my username is taken, I find a new one.
Martin
+1  A: 

I feel it depends on the end users of your system. Open ID is successful in SO because people who are using SO knows some thing about Open ID.

But, I am not sure whether the same thing will be applicable to a Greeting card site / online shopping site where my parents go. The problem I see here is you give users a choice between various providers they will get confused.

One of the way I could think of for check out process is not to force a user signup. If they decide to simply check out let them do so.

Ramesh
I think most people who encounter StackOverflow still haven't heard of OpenID. I think StackOverflow demonstrates that OpenID as a login system is successful at teaching people what OpenID is.
Andrew Arnott
Its easy to teach about OpenID to a tech person compared to a layman and so depending on the target users you may or may not want to implement Open ID
Ramesh
A: 

I'm a developer and tech-savvy person and I find it horrible to use OpenID. But that's just my opinion. In the end you have to choose what fits best with your hypothetical end user.

Sergio Tapia
A: 

Personally, I think the value of a well implemented 'lazy registration' concept is far more useful than the OpenId itself.

I already have so many accounts online I don't mind registering on new websites, but forcing me to sign in just to see what the service is about, or to complete an order, is very annoying with or without openid.

zalew