Unique Usernames vs. Email Addresses - What does this mean for OpenID?

Dick Hardt dick at sxip.com
Sun Nov 12 22:58:33 UTC 2006


Hi Josh

A number of good points you are bringing up. I think that we want to  
have have the process of logging in with OpenID to be different  
enough that users to do not think that they should be providing their  
passwords at RPs. How the user logs into the OP is a different issue,  
and could be username or email.

Here is a screen shot on how a site that is taking both existing  
accounts, OpenID and InfoCards could prompt the user. If the user  
does not understand InfoCard or OpenID, they will ignore the right  
hand side. (hopefully this email looks ok to others, looks nice on my  
Mac right now! :-)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pastedGraphic.tiff
Type: image/tiff
Size: 71190 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-user-experience/attachments/20061112/004d6da7/attachment-0004.tiff>
-------------- next part --------------
As you pointed out, sites will have an existing user population, and  
as those users get either an OpenID, iname or InfoCard, how will they  
link them together, and also, how could they change or add additional  
identifiers. Here is a screen shot of . Clearly a more user friendly  
view on the left column would be needed, but as you can see, the user  
can add additional identifiers and/or delete existing ones for the  
account. One of those could be the existing username/password  
combination.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: pastedGraphic.tiff
Type: image/tiff
Size: 53736 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-user-experience/attachments/20061112/004d6da7/attachment-0005.tiff>
-------------- next part --------------


On 6-Nov-06, at 11:55 AM, Joshua Viney wrote:

> As mentioned in a previous email http://openid.net/pipermail/user- 
> experience/2006-November/000028.html , there was recently an active  
> discussion in the IxDA mailing list re: usernames vs. email  
> addresses for sign-in (thread found at http:// 
> lists.interactiondesigners.com/pipermail/discuss- 
> interactiondesigners.com/2006-October/012228.html ). There wasn't  
> much of a conclusion. The more hardcore usability people tend to  
> lean towards empowering the users by letting them enter whichever  
> they prefer. From my experience working in the online personals/ 
> social networking and MMOG worlds, I would tend to lean away from  
> using usernames because:
>
> 1. unique usernames don't scale (how often to you see  
> implementations of "check availability" because of this problem?)
> 2. email addresses have a known format/structure which makes it  
> easier for users to fill in the form during registration and after  
> being away for a while
> 3. email addresses can be reused to keep in contact with members
>
> The issue of users having multiple email addresses is largely  
> solved by the site keeping in contact with the user using the email  
> address provided. It would be very difficult for me to forget my  
> Amazon email sign-in because they send me emails every week.
>
> OpenID seems like it could be a very compelling replacement. UX and  
> product folk have been struggling with this issue for a while  
> (Here's the link to Jakob Nielsen's Useit Alertbox from 1999 that  
> addresses this issue: http://www.useit.com/alertbox/990711.html ),  
> what lessons can be learned from existing authentication  
> implementations?
>
> The core issue for product and marketing folk is to authenticate  
> users with as little disruption to the user process as possible.  
> Every step that a user must take in order to achieve a goal on a  
> site increases the likelihood of abandonment (think initial  
> registration not sign-in). I would argue that any process that  
> wants to replace existing systems should attempt to be more  
> efficient in this regard. Placing control of user data in the  
> user's hands is one piece to the puzzle, but it will be a lot  
> easier to convince potential relying parties if we can show  
> increases in conversion and decreases in support related issues re:  
> lost sign-in information.
>
> I believe there is some risk in attempting to change the way users  
> sign into sites. What happens in the future when OpenID is  
> supported on sites where a person already has a membership? Is  
> there any way to connect that user's previous account/membership to  
> their OpenID account? Has this been discussed?
>
>
> Josh Viney
> http://www.eastmedia.com -- EastMedia
> http://identity.eastmedia.com -- OpenID, Identity 2.0
>
>
>
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience



More information about the user-experience mailing list