OpenID has failed

… so it’s OK for you all to stop using it now. It was a terrible, user-hostile idea to start with. Browsers can remember passwords securely — they’ve been doing this since long before OpenID existed, and they’ll continue to do it long after it’s gone. OpenID was a poor solution to a non-problem.

This nicely sums up all that’s wrong with OpenID.

Now, stackoverflow, can you please let me log in?

About these ads

15 Comments

Filed under Uncategorized

15 responses to “OpenID has failed

  1. Andreas Schneider

    I’m a fan of browserid.org

  2. adamwill

    Yes. This is great! Now we can log into lots of sites using our Facebook, Google or Twitter accounts! Isn’t that just fantastic for everyone?

  3. adamwill

    Yeah, browserid is good too (I set it up on my site).

    The biggest problem I have with richard’s post is the idea that simplifed ID is a ‘non-problem’. It’s clearly a problem (possibly spelled ‘opportunity’) for someone, which is why Google, Microsoft, Facebook and Twitter are all pushing so very hard for other sites to start using their auth mechanisms and hence identities. This is a very, very, very, very bad thing in all kinds of ways, and if OpenID (or a similar, better mechanism) had succeeded, it wouldn’t be happening. There is _definitely_ a problem.

    • rich

      What’s wrong with me just signing up separately for each site? I only sign up for maybe 10 or 20, and my brower (+ a piece of paper) remembers all the passwords.

  4. Amadeus

    Well the website you are trying to login to is called Server Fault =)

  5. willdaniels

    I think the problem that OpenID addresses has a lot to do with spam. In many cases it’s less about authentication, more about identification. I know myself that I have sometimes wanted to comment somewhere and haven’t bothered because I know I’m not likely to visit the site again and can’t be bothered to create an account.

    I think most of us are happy to have people comment on our posts, so long as they are willing to identify themselves.

    A few years back (when I used to publish more stuff, and before everybody was an identity provider) I made an RDF-based comment plugin for my website using OpenID for identification. I liked the idea of just adding statements using SIOC terms written against a person’s URI. It seemed elegant and openly connected that way, and my comments form became simpler.

    But I have to admit, I stopped receiving so many comments :D

    Nowadays I silently groan when I see a clump of networking site logos instead of a little box to enter my URL, but I understand from experience why they are there. It seems people would rather register an account and decipher captchas, or cede control and use of their identity to Facebook, than type a domain in an OpenID box.

    So I might be tempted to agree with you that OpenID is overused for account authentication, especially in places where they aren’t going to helpfully publish data connected to your ID, but I do not agree that it is entirely solving a problem that doesn’t exist.

    I think the problem exists, even though I’m not sure that OpenID is the solution. BrowserID does sound better, although I always used browser certificates via MyOpenID anyway (I assume that’s what it does).

  6. leif81

    Either my sarcasm detector seems broken or you guys are drunk. Every single one Yishan’s proposed alternatives to OpenId are absolutely mad.

    Signing into StackOverflow with my Google account with one click makes me happy.

    Signing into other OpenId sites requiring me to paste my OpenId URL (that I have to Google each time to remember) make me sad.

  7. leif81

    Oh the irony. This WordPress blog uses OAuth for signing in to post comments. Just to be clear OpenId != OAuth. But often that’s obvious because many sites present your Twitter or Facebook OAuth account as a universal sign in (and then get access to lots of your data).

    • adamwill

      leif81: and Google doesn’t get access to lots of your data if you use it as an SSO mechanism?! they’re the worst of the lot.

      • leif81

        OpenId doesn’t give up your data (contacts, emails, etc). OAuth can. OpenId almost certainly leaves a trace in Google’s history that I signed to StackOverflow though.

  8. I really don’t understand what’s your problem: on http://stackoverflow.com/ my OpenID (http://matej.ceplovi.cz) works just fine, and I can happily log in to all websites which are enough civilized to let me use it (hint, hint, …).

    Is the problem that your OpenID provider failed? Use another one (and yes you can keep same OpenID if you used indirection; see my webpage for an example).

  9. I think OpenID is a much better solution than having to sign up for Yet Another Account at every single website.

  10. Wow, to link to that article on Yishan was shocking.
    If you don’t like openID don’t use it.!
    But to follow any suggestion that Wong posted is making you worthy of being shot. In life we should be improving quality and working smarter. Not dumbing down our technological achivements because of some grumpy guy who couldn’t work something out.

  11. Vladimer

    For social web sites, I think OpenId is the greatest technology, but for managing your very personal data like bank accounts, IRS records etc is simply not suited.

    The “problem” part of the OpenId needs to be broken up in many different pieces and then discuss what it is suitable for and what’s not!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s