Stack Overflow is obviously a great example of really successfull implementation of OpenID, but let's be honest - it's a little easier when your target user base is geeks like us! I'm really interested to hear people's experiences of implementing OpenID outside hi-tech websites.
What kind of responses have you got from
with regards to the user experience of OpenID 'login with..' login systems?
In my experience, the use of OpenID by your average home user is low to non-existent. I guess they are either uninformed about the existence, or scared to use it. On a local news site, where commenting can be done by logging in with OpenID, statistics show less than 1% usage. Most of these users have no problem logging in with their (social site of choice) credentials, which they also support. Use of these types of login are very common.
With a universe of undergraduate university students, I had a positive experience. OpenID was required for them to register in an event. Beware the sample was small (around 150 persons) and of a narrow scope (undergraduates). Also note that OpenID was required, so they maybe they were willing to spend some extra effort.
Login with is essential and you need to add a small set of instructions, telling them to click a provider or to enter an OpenID address, and that they may have to register e.g. with myOpenId. Except for an audience of programmers, virtually no one is going to enter an address of his own the first time (some tried to enter their e-mail or their name, but then they eventually got it -- maybe they read the text). After registering with myOpenID, one or two entered their claimed identifier directly.
I showed only three possibilities: Gmail, Yahoo and myOpenID. For myOpenID, I used IDENTIFIER_SELECT (I didn't tell them to enter their username and use that to build the URL, like SO does). Around 80% used their gmail account, Yahoo accounts comprised little above 5% and the rest registered with myOpenID.
I only got two support e-mails where the users had made logins with two different identifiers and therefore weren't being associated with their previous login. The first case was a bug in the normalization phase of my OpenID implementation (a problem with trailing spaces). The second one was caused by the mandatory (per the spec) distinction between http://www.example.com/path and https://www.example.com/path. I think one should consider to disregard that part of the spec.
OpenID can be implemented on the client site in different ways and that affects how likely it is to be used on any given site.
I think StackOverflow does a very good job and you just click on your provider and it redirects and you can authenticate. I've seen other sites that just give you a text input that say "OpenID" and it's not clear what they want you to type in; not nearly as easy to use. Zendesk is one example:
In my experience, I notice a difference more with age-groups, than with techie/non-techie status. I guess you could look at that in general terms of younger folks being more "techie" than older folks, but I wouldn't go so far as to call them "high-tech" -- they're just more comfortable with computers/internet because it's always been part of their lives.
The younger my customers are, the less concerned they seem to be with privacy / sharing their information with a "service" on the web, be it OpenID, Google, Facebook, or what have you. They also don't seem to mind having 2, 3 or even more email accounts with different providers.
The older my customers are, the less comfortable they become putting their info online (e.g.: even the bare minimum required to get an OpenID). There are enough horror stories in the news about privacy-related issues -- be it advertisers, hackers, or government subpoenas getting a hold of their information, etc. It isn't that they know something bad will happen -- it's that they know they have no idea how to spot a fraudulent service, evaluate risks or protect themselves -- it all seems so complicated, so they make the conservative choice not to put their information "out there" at all. Some of my older customers will give it a go, but even then, I also see a lot of reluctance in this group to setup more than one email account -- they use the one that their ISP provides, and won't use anything else.
Anyway -- those comments are just about who is more or less willing to use something like OpenID. Of those who are willing (of my users, I'd say about 85% below age 40 will use it; I can count on about 60-70% of my working-adult customers in general to use it; And my retiree users are at about 20%). I have only a few complaints in the "willing" groups about usability.
I'd say that the rising popularity of Facebook as a single login is going to drastically change how people feel about logging in using OpenID, provided you make the process entirely invisible. Look at the login page for FriendFeed, for example, which promotes "one click" joining/logging in. They actually appear to be using a combo of OpenID and OAuth but the user experience is largely the same.
Now that Facebook uses OAuth, it's fairly simple to login via Twitter, Facebook, or any OpenID provider by simple implementing login for OpenID and OAuth. I actually would recommend against implementing OpenID alone as it's not much more difficult to add-on OAuth and once added provides you with the BIG THREE: Facebook, Twitter, and Google along with Yahoo, MySpace, and all the other OpenID providers that are out there.