OpenID and standard authentication usability
February 19, 2008 – 11:32 amMaybe it’s just me - I haven’t implemented OpenID anywhere yet (it’s on my list, I swear!), so I could just be missing something - but is there a fundamental problem in allowing a single user to log in with both OpenID and via standard authentication?
Take Basecamp, for instance. I used to log in with a username and password. After OpenID became a possibility, I used it - and now, my username and password don’t work at all. Unfortunately, I’m not all that bright, so I often forget which sites I’ve used OpenID on and which I haven’t (this is compounded by the fact that the “login with OpenID” links are often small and/or hard to see). As a result, I’ll try to log in three or four times before I realize what’s happened. How hard could it be to link up a standard authentication account with an OpenID login?
4 Responses to “OpenID and standard authentication usability”
Basecamp DOES support both, at least our Terralien basecamp does. There’s a link next to the “Sign In” button which says or “go back to the normal login”
The ability to fall back is pretty much an essential requirement to implement openid in a user friendly way, it’s the moral equivalent to “I forgot my password.” for those occasions where the users openid identity server is down or unreachable.
By Rick DeNatale on Feb 19, 2008
I think the problem stems from the fact that people using openid never have to sign up. A new openid user who wants to sign up for the service does not go through the standard signup form, instead they just click “login with openid”. In order to connect the two accounts, the web application would need to request the user’s email from their openid provider and then try and match it to an existing account. This works in theory but the open id provider does not always provide the user’s email address (either because the user told them not to or otherwise).
So I’m sure it can be done. I just don’t think the solution would be perfect.
By Rob Olson on Feb 19, 2008
Rick: Sorry, I was unclear - since I logged in with OpenID on Basecamp, my non-OpenID login *no longer appears to work*. I can get back to the form fine, but it doesn’t even recognize my username anymore.
By Ben on Feb 19, 2008
Hi Ben,
Basecamp does have that problem, you’re right. Although it’s great to see OpenID on there, it’s not the best implementation.
Done correctly and a site should allow you to supplement your normal login using an OpenID login (as Ma.gnolia or Plaxo do). It’s taking a little while for best-practice to become standard though!
By Peter Nixey on Feb 20, 2008