OpenID is becoming the open single logon standard, and all kinds of websites and web-based software are using it to allow people to use a single username and identity across all their services.
A while back, Yahoo! did some research on OpenID usability (PDF link) that a lot of people took to indicate that OpenID was too confusing. It was conducted with a test group of just nine Yahoo! staff, so recently Chris Messina decided to research awareness using a survey conducted on Amazon Mechanical Turk. In effect, he paid 301 people two cents each to answer some questions about OpenID.
Neither survey was hugely scientific, but Chris’s results were summarised as follows:
Combining some of the results, we found that:
- of those who know what OpenID is, 14.81% use it.
- of those who have merely heard of it, 6.9% use it.
Given there are over half a billion OpenID accounts in the wild, including some of the highest profile sites out there (Myspace! Yahoo!), it could be argued that this is bad news for the standard.
I disagree. One of the most important parts of a technical standard is the ability for end users to use it seamlessly, without having to worry about what it is or how it works. When you loaded this website, did you stop to think about the DNS, TCP/IP and HTTP protocols that made it happen? When you send an email, do you care about the structure of how it’s routed and the protocols servers use to pass it from source to destination? Very few people would answer ‘yes’.
Similarly, I’d bet that a lot more people know what a ‘feed’ is, or recognise the orange RSS icon, than know what RSS is. (Even then, feed subscribers are likely to only be around 11% of total web users.) It doesn’t matter; they don’t need to know how it works. The sign of good technology is that it just does. The linked post talks about promoting awareness of RSS in order to increase uptake, but in truth, the tools need to get easier to use.
Therefore, OpenID awareness in end users is neither here nor there. It’s very unlikely that an average end user will ever know what their OpenID is. Far more likely, sites will have custom login boxes that invite users to authenticate using IDs from supporting sites and providers that they’ll recognise, the way some are already beginning to do with things AIM accounts. In an ideal world, these login boxes will adapt based on your cookies and IP address (using a combination of serverside scripting, some clever JS and CSS) and suggest the logins that are actually active in your browser. Visiting Google Docs from your university network? Maybe one day it’ll prompt you for your university username – or even log you straight in, using OpenID on the back-end. This sounds like magic, but wouldn’t be massively hard to build, and could simplify users’ web experience instead of muddying the waters by adding another layer of complexity.