tags:

views:

366

answers:

4
+1  Q: 

OpenID: Single User Interface Supporting Both Email/Password and OpenID

I like the idea of OpenID, I really do. But few of my target users have even heard of it - yet. If I want to offer OpenID as an option, my only choice would seem to come down to offering BOTH email/password authentication AND OpenID.

I've seen several sites that use this combination and the idea seems unappealing to put it mildly. Placing both options on the same screen is distracting and pointless if only 10% of users will even care about OpenID.

So I'm wondering, how could I offer a single user interface that supports BOTH OpenID and email/password for authentication and account creation?

One possibility I've been considering is to use a single OpenID/email field that can detect whether an email or OpenID was used and then dynamically adjust the interface accordingly.

For example, an account creation page might start off with a single field labelled "email" with some unobtrusive text along the lines of "we support OpenID". If a user enters a url, then the interface switches to an OpenID account creation page (via JavaScript). If an email address is entered, nothing happens.

What's the best method you've seen for hiding OpenID from the average user, but at the same time letting tech-savvy users know that your site supports it?

+1  A: 

See how SO here does it. That's a good a example, I like your idea of adapting the system by entered email as well, this is a trick facebook uses to send out facebook invitations to other people in your address book.

whatnick  2009-09-27 04:44:26
Thanks, but actually the SO approach is the one I'm trying to avoid. I don't want my users to have to stop to think "What's this OpenID field for?" I want OpenID to get out of their face.
Rich Apodaca  2009-09-27 04:50:00
Then do the sneaky facebook - I am in ur emailz approach.
whatnick  2009-09-27 04:53:25
Had another look at how SO does it. Turns out they do it two ways. One way with email/password OR openid (not so good). And another with OpenID selector (looks lik RPX, much better).
Rich Apodaca  2009-09-29 01:13:31
+1  A: 

Would something like the following work?

Link to Login Page.

Now this site is running DNN and obviously it could be redesigned to be friendlier for the users. But the key here is that the standard way to sign-in is presented as the default sign-in.

I would probably redesign that site's interface to put LiveID and OpenID in a border labeled with Alternative Login Methods (along with a button for more help on how to use them) as well as change the buttons to read Sign In Using LiveID and Sign in Using OpenID.

 2009-09-27 09:26:20
That's more along the lines of what I'm looking for. The method needn't necessarily use JavaScript to dynamically rebuild the interface - it might just offer dedicated screens for each method.
Rich Apodaca  2009-09-27 14:54:43
+4  A: 

I think the way Uservoice combines username+password with OpenID is elegant.

That said, I disagree with the argument of not using OpenID merely because few people have heard of it. If you offer a few login buttons like "Login with Google" and "Login with Yahoo" alongside your "or, create a new username and password for yourself", then you don't even have to mention OpenID, and yet most users will likely pick the more convenient (OpenID) option without even realizing what they're using (and that's good!)

Andrew Arnott  2009-09-27 20:15:31
Nice... looks like they're using RPX: https://rpxnow.com/.
Rich Apodaca  2009-09-27 22:27:32
Yes, I think so. But RPX is only handling the OpenID side. The username/password part is still up to the hosting web site, I think.
Andrew Arnott  2009-09-27 22:34:51
There's a Ruby Gem here: http://github.com/grosser/rpx_now
Rich Apodaca  2009-09-27 22:39:02
This article raises some concerns about RPX: http://blog.nerdbank.net/2009/01/why-using-rpxnow-is-bad-idea.html
Rich Apodaca  2009-09-27 23:27:03
Yes, that's my article. :) I like RPX's UI, but I dislike the..., well, you've read the article.
Andrew Arnott  2009-09-28 00:42:07
@Andrew, geez -how embarrassing. Sorry about that. Great article, BTW. Convinced me not to go with RPX (for now at least). But I like the idea of a locally-hosted OpenID selector even more: http://stackoverflow.com/questions/1482803/openid-single-user-interface-supporting-both-email-password-and-openid/1484955#1484955
Rich Apodaca  2009-09-28 00:54:53
+4  A: 
Rich Apodaca  2009-09-28 00:50:44
Soo.... I thought your question was how to integrate OpenID and username/password authentication. I knew about the OpenID Selector, but that wasn't your question (as I read it).
Andrew Arnott  2009-09-28 15:52:29
@Andrew, you're right. OTOH, the underlying problem I have is coming up with a good way to use OpenID without users needing to know I'm using it. OpenID selectors are one approach I didn't know about previously but now do thanks in part to your original answer. I'm still curious what other options there might be.
Rich Apodaca  2009-09-28 16:32:28
The OpenID selector is awesome. I'm using it in my site. It makes things so much easier for the user. Two thumbs up.
Steve Wortham  2009-10-15 21:21:08
I just finished up the very simple OpenID login/registration process on my site: http://regexhero.net/user/
Steve Wortham  2009-10-18 22:14:01

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication