There is no generic way of restoring a forgotten OpenID in itself – it’s up to every site who wants to use OpenID as a login option to create such a solution.

If you on the other hand has forgotten how to log in to your OpenID – then it’s up to your OpenID provider to decide how to handle that.

So really – there is no standard way that a forgotten OpenID can be restored – it’s up to each individual site to provide that possibility.

It’s hard to get users to register for web sites. (That’s one reason why this blog lets people post comments without registering.)

Any credible solution for federated authentication has to make things easier, not harder. OpenID makes it harder… I mean, what do I tell people? Go read this (confusing) web site about OpenID. Choose one of 20,000 providers. Well, if you choose one of them, you’re a sell-out. You should register a domain name and start your own web site and have your own OpenID provider if you want people to take you seriously…

Most users will have lost me about 1/10 of the way through that discussion.

Facebook Connect is an entirely different experience. I can tell users what to do, they do it, and then they are registered and logged into my site.

There’s a narrow window of time that other competitors might be able to get in a credible position before Facebook Connect takes over. OpenID has been a dangerous distraction that is slowing down the response of potential FB Connect competitors.

Best wishes in this new endeavor.

I’ll keep trying a few times, because I love this stuff. But the average consumer will try it, and if it fails once they may never go back.

I hope everyone in the OpenID space agrees on a standard interoperability.. Because OpenID in theory is awesome.. Let’s not let the details get in the way.

Standards that work, like WiFi, are great. Standards that no one can agree on, like Ultrawideband, aren’t.

jim

It’s tough to see value in implementing OpenID for most of my sites. With the exception of sites with a largely technical audience, most users are unlikely to know they have an OpenID via existing services. In all honesty, I tried to get my mom using OpenID and she gave up and used the same username/password combo she always does. That leads to my second issue. OpenID doesn’t replace my membership system, it only replaces authentication right?

So now I’m implementing a new tool for some users, but I still have to manage my users’ other data, so I’m really only saving a few fields in a database. I’m also likely to get stuck fielding the “I forgot my openid” issues.

I guess this is the challenge that many developers face and what I think the “getting real” naysayers are pointing to. OpenID is a great idea, but if it creates more work for me and doesn’t provide a percieved benefit for my users, it’s a tough sell.

For OpenID to be a success, the current state of things needs to improve a bit. The benefit needs to be clearer for developers and the non-tech crowd. You’re right that perception is key, but even when searching I dont’ see many OpenID success stories. It’s easy to find negative posts, but there aren’t a lot of postive experiences. Even 37Signals OpenID benefits page doesn’t really list any benefits.

1. how can I trust the OpenId provider?
2. what can be done to make OpenId understandable to non-geeks.

Congratulations on your election btw.

Colin

The major risk, and I can’t get over this, is that an OpenID provider somehow screws up and lets bad logins through. Immediately your site is at risk and you have no control over it. Your users are gonna come at you and you aren’t going to be able to point the finger at the provider because I guarantee you most people won’t get it. To me there would need to be a very compelling ROI to overcome the 3rd party risk, and I’m just not seeing that yet.

This is especially true for Google and Facebook. They already have established user bases so enrollment isn’t as big an issue as it could be, plus their products are differentiated enough that people aren’t going to be deciding against them because they have to type in a password. Maybe Google and Facebook aren’t really targets for OpenID consumers, though.

I’m glad you are blogging this stuff — I voted for you and am certain you will help move OpenID forward.

In terms of perception, though, I think the big problem is how trust fits into OpenID. Many users believe that OpenID embodies a trusted relationship, but it does not. Or as Marc says in his post, “Most normal people think OpenID is the solution and just by “using it” all their issues will go away. HAH!”

Because of the trust issue, few sites act as RPs because they can’t trust arbitrary IPs.

I know you are big on the user experience, and this fits in well: User’s expect their OpenIDs to be accepted everywhere, but just because you have an OpenID doesn’t mean it will be “good enough” for a site that uses OpenID.

I hope you (and other members of the board) are interested in tackling *this* perception issue.

Robert