Will OpenID catch on?
Summary: A survey of more than 300 people shows that few people have heard of OpenID, and even fewer are actually using it. Chris Messina, the guy with the guitar pictured here, has written up results of a survey conducted using Amazon's Mechanical Turk.
A survey of more than 300 people shows that few people have heard of OpenID, and even fewer are actually using it.
Chris Messina, the guy with the guitar pictured here, has written up results of a survey conducted using Amazon's Mechanical Turk. Messina, rightly, took issue with Yahoo!'s "survey" of 9 users -- which, of course, isn't anything close to a representative sample size.
The results of the survey, where 302 users responded (one response was rejected) showed that just shy of 20% of the respondents were aware of OpenID -- but only 9% were sure of what it's used for, and only 1.3% actually used it.
In case you're in the 81% who aren't familiar with OpenID -- it's a distributed service to allow users to have a single user ID across multiple sites. In theory, getting rid of all the various user IDs and passwords that we have to juggle for all the sites we use online, without handing over too much control to a single provider.
As Messina points out, pulling respondents from Amazon's Mechanical Turk gives a very good set of users to survey:
Because Turkers must have either a US bank account or be willing to be paid in Amazon gift certificates, the quality of participants you get (especially if you design your HIT well) will actually be pretty good (compared with, say, a blog-based survey). Now, Mechanical Turk actually has rules against asking for demographic or personally identifying information, but some information has been gathered by Panos Ipeirotis to shed some light on who the Turkers are and why they participate. I’ll leave the bulk of the analysis up to him, but it’s worth noting that a survey put out on Mechanical Turk about OpenID will likely hit a fairly average segment of the internet-using population (or at least one that doesn’t differ greatly from college undergraduates).
So, even among Internet-savvy users who ought to be the right demographic for OpenID -- there's very little adoption. And I'm not surprised by this.
In theory, OpenID sounds like the greatest thing since sliced bread. In practice, I've tried using OpenID a few times and find it less than intuitive. A few days ago I was trying to use OpenID with Twitterfeed, and kept running into errors trying to utilize my OpenID on Wordpress.com. (I eventually got it working through my Flickr ID.) My understanding is that OpenID isn't exactly trivial to implement for Web services, either.
I'd love to see OpenID catch on, but it does still need some work to make it more intuitive and more robust. Given that the service has been around now since 2005, I have to wonder if it's ever going to hit critical mass, or if I'm going to be stuck with dozens of usernames and passwords for the rest of my online life.
(Photo credit to "kk+" from his Flickr collection.)
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
There's a bit of chicken and egg as well
In addition, there are some places that support both OpenID and the classic username/password which I had an account with already - but they provided no way to transition or connect to OpenID. So I'm stuck with the username/password system.
Truth is, OpenID just isn't an option in most places. In addition, it's not that elegant of a solution either - it involves typing in a URL. I'm not sure most people want to do that.
Some context
SMTP or IMAP, which is used for email delivery, so
adoption won't be as obvious as say, a single web site's
traffic.
You're right to point out the issues around OpenID's
usability, and fortunately, now that folks like Google,
Microsoft, MySpace and other large providers are bringing
their OpenID providers online, I think that we'll see the
ease of use issues get ironed out over time. Although the
first version of the protocol came out in 2005, we're only
now working on the 2.1 version of the specification, which
will enable people to use their email address as their
OpenID identifier. That alone should greatly simply the
sign up/sign in process... Imagine: sign in the way that you
do today, but never create a new password (and protect
your account with the strongest authentication you want).
I'll be running these surveys every couple months. We'll see
where we are a year from now. ;)
It wil not
And in my opinion a big security risk.
Why?
There is a software program called password vault
I use PGP to encrypt a text file with all my passwords.
Either way.. one place = one target. But its not a bad idea overall.
It's not just about passwords
one needs to keep... but eventually it leads to making it
easier to move between disparate social networks and to
enable these different networks and contexts to request
access to information that you wish to make available, on a
per-instance basis, using emerging technologies like
XRDS-Simple and OAuth.
If OpenID only reduced the number of passwords, that
wouldn't necessarily validate it in the long term. It's what
you can build on top of a durable, web-based identifier
that's compelling.
RE: Will OpenID catch on?
Have a look at the OpenID deployment at www.velog.com to see if that is more intuitive. If you like it, you can implement that interface quickly and easily with a SaaS offering called RPX at http://rpxnow.com
"My understanding is that OpenID isn???t exactly trivial to implement for Web services, either." RPX allows most websites to deploy OpenID in a few hours. Read AOL's review at http://dev.aol.com/node/1864