[OpenID] Yahoo OpenID UX Study
Martin Atkins
mart at degeneration.co.uk
Fri Oct 10 06:48:05 UTC 2008
Allen Tom wrote:
> On the RP side of things, our recommendation is that they emphasize to
> users that they can sign in with an existing account, specifically their
> YahooID. We believe that the YahooID, as well has IDs from other
> providers, have a higher brand awareness than OpenID. We also believe
> that first time users signing in with an OpenID should be able to go
> directly to their intended destination after signing in, instead of
> having to complete additional registration. Hopefully, as
> SimpleReg/AttributeExchange are more widely supported (Yahoo does not
> currently support them), RPs will no longer feel the need to force the
> user through an additional registration form after signing in with an
> OpenID.
>
>
I agree that at this point users shouldn't be seeing the name "OpenID"
as the primary brand for logging in. I like Yahoo!'s big "Sign in with
Yahoo!" button because it gets users to click it before asking them any
difficult questions, at which point you can get them away from that
pesky username/password login form before you explain what'll happen
next. While this sort of thing can't scale beyond a few big providers,
and it doesn't really teach users how to use generic OpenID, it does
seem to be a reasonable way to get people used to the idea that they can
log in to a site using another account without sharing credentials,
which is one of the big things that I think people don't get about the
OpenID paradigm. When LiveJournal first introduced and announced
OpenID[1], several users were baffled as to how GreatestJournal (a
LiveJournal "clone" site) was able to authenticate their LiveJournal
accounts without them entering their passwords, and several folks
apparently thought that no authentication was going on at all and were
worried that people would be able to pose as them.
See, for example:
http://news.livejournal.com/86532.html?thread=25236484#t25236484
http://news.livejournal.com/86532.html?thread=25273860#t25273860
Clearly not much has changed in this regard since 2005. It's frustrating
that not only are users eager to share credentials from one site with
another site, but that in many cases their mental model doesn't allow
them to understand how it can work any other way and that makes them
scared. We need to find some way to reverse this so that users expect
*not* to have to share credentials and get scared if they are asked to
do so.
Of course, which providers to special-case will depend on the
application. For a weblog, it'd presumably be appropriate to
special-case weblog-related services like LiveJournal, TypeKey and
WordPress.org in addition to Yahoo!, etc whereas this probably wouldn't
make so much sense outside of the blog world where people are unlikely
to be familiar with these brands.
[1] http://news.livejournal.com/86532.html
(I find this discussion interesting in general because it shows a lot of
concerns from "normal people" about OpenID that, in most cases, still
exist today.)
More information about the general
mailing list