Take the following three user registration/login methods (or add your own):

  • with OpenID
  • with Email Address + Password (not OpenID)
  • with Username + Password

What are the advantages and disadvantages to each for a general internet audience (i.e., not a super tech-savvy audience of Stack Overflow)?

+1  A: 

You should accept both login by email address and by username. A user may forget one but not the other.

As for OpenID, nobody's gonna have a clue what that means. But you could say "log in with your Google Account" - but the word OpenID should not be mentioned in any significant way.

Also, some people are gonna think you are asking for all their Google Account information. That is what I thought at first with Stack Overflow. And I thought I was tech savvy!

cjavapro
A: 

for a general internet audience

This is all mumbo-jumbo.

Ask your mother (or grandmother). It's all just confusing and silly.

No one can remember this junk. I can't tell them apart -- as a user. As an implementer, I prefer email addresses because the @domain business assures uniqueness without any pain to the user.

As a user, I rely on MacOS Keychain and 1Password to keep it all square for me.

S.Lott
+2  A: 

One of the core advantages of OpenID is that your site does not end up storing user credentials itself, because the authentication is done at the third-party OpenID provider's server and your site is sent an authentication token.

Another semi-related plus is that you can also request other information related to the authenticating user that the provider may have. This can help to streamline the registration process further because you can get basic profile information like a first name, last name and email address which the user would otherwise be asked to provide.

OpenID works by shifting responsibility for authentication from your site to a remote third party. Because you are dependent upon that third party to authenticate your users for you, if that party is unavailable, then those users whose identity information is stored with that party will not be able to authenticate to your site if their OpenID is their only means of authentication.

Further to the previous point, because a given OpenID may represent a valid identity at many websites, a compromised OpenID is potentially more valuable to an attacker than a set of site-specific credentials. As a consumer of OpenID your site can't do much about this, but it's worth being aware of nonetheless.

As a user, I like OpenID because:

  • I don't have to think up another set of credentials that I have to remember
  • I feel better about registering because there are fewer form fields to fill in (if you get my reg data from the provider)
  • I feel better because I don't have to trust your website with my credentials because they are stored at the server of an organisation I already trust and know to have a bigger budget for security than your tiny little website
Crippledsmurf
Ah crap. Missed the general internet audience bit.
Crippledsmurf
good points about OpenID though
Emile
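
The trade-offs raised in the answers above, as an added Python sketch that is not code from any of the posters: one account can be reached by username or email, a password account stores only a salted hash, an OpenID link stores only the provider-asserted identifier, and OpenID-only accounts are the ones locked out when the provider is down. `AccountStore` and all of its method names are hypothetical, lower-casing emails is an assumption, and `login_openid` assumes the provider's assertion was already verified elsewhere.

```python
import hashlib
import hmac
import os

class AccountStore:
    """Hypothetical in-memory store; every name here is illustrative."""
    def __init__(self):
        self.accounts = {}    # account id -> {"salt", "pw", "openids"}
        self.by_login = {}    # normalized username OR email -> account id
        self.by_openid = {}   # OpenID claimed identifier -> account id

    @staticmethod
    def _norm(login):
        return login.strip().lower()  # assumption: logins are case-insensitive

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, username, email):
        # Usernames and emails share one lookup table, so a username must
        # never look like an email (it could shadow another user's address).
        if "@" in username or "@" not in email:
            raise ValueError("bad username or email")
        keys = [self._norm(username), self._norm(email)]
        if any(k in self.by_login for k in keys):
            raise ValueError("username or email already registered")
        acct = len(self.accounts) + 1
        self.accounts[acct] = {"salt": None, "pw": None, "openids": set()}
        for k in keys:
            self.by_login[k] = acct
        return acct

    def set_password(self, acct, password):
        salt = os.urandom(16)
        self.accounts[acct].update(salt=salt, pw=self._hash(password, salt))

    def link_openid(self, acct, claimed_id):
        # Only the identifier is stored; no secret ever reaches this site.
        if self.by_openid.get(claimed_id, acct) != acct:
            raise ValueError("identifier already linked to another account")
        self.by_openid[claimed_id] = acct
        self.accounts[acct]["openids"].add(claimed_id)

    def login_password(self, login, password):
        acct = self.by_login.get(self._norm(login))
        rec = self.accounts.get(acct)
        if rec is None or rec["pw"] is None:
            return None  # unknown login, or an OpenID-only account
        ok = hmac.compare_digest(rec["pw"], self._hash(password, rec["salt"]))
        return acct if ok else None

    def login_openid(self, verified_claimed_id):
        return self.by_openid.get(verified_claimed_id)

    def openid_only(self, acct):
        # True means a provider outage locks this user out completely.
        return self.accounts[acct]["pw"] is None
```

Running `openid_only` over all accounts gives the set of users who would need a fallback, such as a local password, before a provider outage happens.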