[OpenID] Yahoo OpenID UX Study

Martin Atkins mart at degeneration.co.uk
Fri Oct 10 06:48:05 UTC 2008


Allen Tom wrote:
> On the RP side of things, our recommendation is that they emphasize to 
> users that they can sign in with an existing account, specifically their 
> YahooID.  We believe that the YahooID, as well as IDs from other 
> providers, have a higher brand awareness than OpenID. We also believe 
> that first time users signing in with an OpenID should be able to go 
> directly to their intended destination after signing in, instead of 
> having to complete additional registration. Hopefully, as 
> SimpleReg/AttributeExchange are more widely supported (Yahoo does not 
> currently support them), RPs will no longer feel the need to force the 
> user through an additional registration form after signing in with an 
> OpenID.

I agree that at this point users shouldn't be seeing the name "OpenID" 
as the primary brand for logging in. I like Yahoo!'s big "Sign in with 
Yahoo!" button because it gets users to click it before asking them any 
difficult questions, at which point you can get them away from that 
pesky username/password login form before you explain what'll happen 
next. While this sort of thing can't scale beyond a few big providers, 
and it doesn't really teach users how to use generic OpenID, it does 
seem to be a reasonable way to get people used to the idea that they can 
log in to a site using another account without sharing credentials, 
which is one of the big things that I think people don't get about the 
OpenID paradigm. When LiveJournal first introduced and announced 
OpenID[1], several users were baffled as to how GreatestJournal (a 
LiveJournal "clone" site) was able to authenticate their LiveJournal 
accounts without them entering their passwords, and several folks 
apparently thought that no authentication was going on at all and were 
worried that people would be able to pose as them.

See, for example:
http://news.livejournal.com/86532.html?thread=25236484#t25236484
http://news.livejournal.com/86532.html?thread=25273860#t25273860

Clearly not much has changed in this regard since 2005. It's frustrating 
that not only are users eager to share credentials from one site with 
another site, but that in many cases their mental model doesn't allow 
them to understand how it can work any other way and that makes them 
scared. We need to find some way to reverse this so that users expect 
*not* to have to share credentials and get scared if they are asked to 
do so.

Of course, which providers to special-case will depend on the 
application. For a weblog, it'd presumably be appropriate to 
special-case weblog-related services like LiveJournal, TypeKey and 
WordPress.org in addition to Yahoo!, etc., whereas this probably wouldn't 
make so much sense outside of the blog world where people are unlikely 
to be familiar with these brands.

[1] http://news.livejournal.com/86532.html
(I find this discussion interesting in general because it shows a lot of 
concerns from "normal people" about OpenID that, in most cases, still 
exist today.)



