Unique Usernames vs. Email Addresses - What does this mean for OpenID?

Mon Nov 6 19:55:55 UTC 2006

As mentioned in a previous email http://openid.net/pipermail/user- 
experience/2006-November/000028.html , there was recently an active  
discussion in the IxDA mailing list re: usernames vs. email addresses  
for sign-in (thread found at http://lists.interactiondesigners.com/ 
pipermail/discuss-interactiondesigners.com/2006-October/ 
012228.html ). There wasn't much of a conclusion. The more hardcore  
usability people tend to lean towards empowering the users by letting  
them enter whichever they prefer. From my experience working in the  
online personals/social networking and MMOG worlds, I would tend to  
lean away from using usernames because:

1. unique usernames don't scale (how often to you see implementations  
of "check availability" because of this problem?)
2. email addresses have a known format/structure which makes it  
easier for users to fill in the form during registration and after  
being away for a while
3. email addresses can be reused to keep in contact with members

The issue of users having multiple email addresses is largely solved  
by the site keeping in contact with the user using the email address  
provided. It would be very difficult for me to forget my Amazon email  
sign-in because they send me emails every week.

OpenID seems like it could be a very compelling replacement. UX and  
product folk have been struggling with this issue for a while (Here's  
the link to Jakob Nielsen's Useit Alertbox from 1999 that addresses  
this issue: http://www.useit.com/alertbox/990711.html ), what lessons  
can be learned from existing authentication implementations?

The core issue for product and marketing folk is to authenticate  
users with as little disruption to the user process as possible.  
Every step that a user must take in order to achieve a goal on a site  
increases the likelihood of abandonment (think initial registration  
not sign-in). I would argue that any process that wants to replace  
existing systems should attempt to be more efficient in this regard.  
Placing control of user data in the user's hands is one piece to the  
puzzle, but it will be a lot easier to convince potential relying  
parties if we can show increases in conversion and decreases in  
support related issues re: lost sign-in information.

I believe there is some risk in attempting to change the way users  
sign into sites. What happens in the future when OpenID is supported  
on sites where a person already has a membership? Is there any way to  
connect that user's previous account/membership to their OpenID  
account? Has this been discussed?

Josh Viney
http://www.eastmedia.com -- EastMedia
http://identity.eastmedia.com -- OpenID, Identity 2.0

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-user-experience/attachments/20061106/a1288399/attachment-0001.htm>