The bane of social networking sites is the need to register one more username, one more password, and once more to fill in some sharable details. That is sooooo 2008. I am registering with a conference so I can select interesting presentations, and am reminded once again how much I hate registering for sites.
These conference organizers show brilliance in the use of crowd-sourcing to select the program. They are more likely to hit the important topics, they will get more eyeballs evaluating the proposals than they ever could with a selected committee, and they will garner the interest of the community in attending. Truly a win-win situation. And I am motivated to visit, review, and give a few votes myself.
But I have to register as a new user … (sigh). I don’t like to give my email address out to organizations that use it for marketing, or if I do give it out, I will give out a unique email for that institution. If I could specify an OpenID here, I would not have to worry because there is no way to send a bunch of spam to an OpenID.
Have I registered before? I attended the conference last year, and clearly registered then; what was the user name I used last time? Is this site “powered by Spigit” using the same set of users? I don’t know. I can try a couple of user names that I normally use, but if I fail to log in it is not clear whether it is because I am using the wrong username or not. If I could put my OpenID here, there would be no problem.
I have to pick a user name, and it has to be unique. I use my favorite one, but if someone before me has already claimed that, then I have to use a modified one, and remember that when logging in here I have to use that particular modified one. Wouldn’t it be great if I could just put in a globally unique OpenID? It is guaranteed that nobody else has this ID, and nobody else could have claimed it ahead of me at the site.
I thought I might use my email address as a username like I do at some sites. That is convenient because it is also globally unique, so nobody else would have claimed it, and I only have to remember one thing. Much easier, but I get the following error:
Username may consist of a-z, 0-9, underscores, dashes, and periods.
Different sites have different rules for what can and cannot be in a user name, meaning that I may or may not be able to use the username that I prefer. Why does this site force me to know the rules around what it considers a suitable username? In any case I can’t imagine why I should be able to create a user name with any combination of Unicode characters I wish to. Anyway, I pick a user name that complies with the rules, and then I attempt to create a password and get this error:
Passwords must be 6 characters or longer and containing at least one alphabet and one numeric.
The rules around passwords are even more arbitrary. Some require punctuation, and some do not allow punctuation. Some must be longer than a certain amount, and some cannot be longer than a certain amount. Some can only be numerals, and others must contain letters. Once again, I am wondering why I have to learn this particular site’s preferences for what a good password is. If I use my OpenID, then I log into the OpenID provider site once, using quite safe rules which I learn once and use regularly.
Once I have registered, I have to then keep and track accurate notes about my choice for email address, username, and password. If I am entering 100 sites a month, I am not going to keep this in my head for very long. Instead, I have to write this down, which is then a security risk that I might lose track of the notebook that holds these. Once again, with the OpenID I don’t have this problem because I have only one OpenID to remember. It is safer because I don’t have to write it down.
In all ways, registering with an OpenID is superior to creating a new account. What possible reasons could exist that stand in the way?
- Vendor/developer ignorance: OpenID, like much technology, is not entirely obvious and requires a bit of effort to understand how it works. It is not really a good excuse, but I bet many people feel they don’t have the time to learn about OpenID.
- Vendor/developer misunderstanding: some mistakenly think that changing to use OpenID means that you can’t keep any profile or any details about the user. This is just foolishness. The site can keep any profile information it wants. The only thing that OpenID eliminates is the need to keep a password. You replace the user id with an OpenID, and all the code to allow a user to create a user id is eliminated. All the other aspects of a user profile are unchanged.
- Lack of user demand: let’s face it, few know what an OpenID is, and even fewer are demanding its use. I spoke with the designer of a major community site who said that they used to offer OpenID but removed it because it was never used, and it raised more questions than it was worth.
This last reason is the clincher: if this conference forced people to use OpenID, there would be large complaints about having to go somewhere else and get an OpenID. However, Facebook Connect and other ID sharing mechanisms are getting far more common. I am starting to see more and more “Log in with Facebook” or other IDs. Maybe there is hope after all. But it seems to be coming so slowly.
Quit forcing me to create a new identity for every site! Let me bring my own identity (BMOI) just like I use my driver’s license to identify myself in the real world.