OpenID : good and bad practices
I remember when OpenID has been announced I was thrilled because I’ve been waiting for such a service for a long time. So many services, sites, forums to subscribe to, blogs to comment on, and often discouraged to create a new user account for just a one-time contribution. Most of people ended up creating the exact same account on dozens of websites: same login, same password, which is a terrible breach of security.
So I thought it would be great, and it would be easy to use and understand. It took some long months, even years, for the service to become popular and for platforms, CMS and framework to propose its implementation. Today, it’s almost everywhere. But in most cases, it’s not easy to use, because of bad practices that come with it.
Best example of bad practice
Very often found : a single field asking you to log in with OpenID.
The previous example comes from http://paris2009.drupalcon.org . It’s a Drupal website, and you’re ending up with this situation when you just activate the OpenID module on a Drupal website. It’s going to work for users who already know more than a bit about OpenID, but not for new users. Even if you click on the “What’s OpenID” link you’re not going to be told what you’re supposed to type in the field. Morevover, if you finally get what to type, you’ll be ask just after to create a full new account, yes, with a login, a password and various informations the site requires. Ok for the informations, but what’s for the login and password? Of course your account appears to be linked with your OpenID, but I really don’t see the point here. Mostly useless.
So what is a good practice for OpenID?
Check below how StackOverflow propose you to log in using OpenID:
That’s it, just click on one of the services you belong to, and you’ll be loogged into the site with a new account. Nothing to fill, nothing to tell. Click it. One told me that StackOverflow is known for this kind of OpenID good practice, so don’t hesitate, copy them! You want OpenID on your site? Do it the right way and propose these services buttons. If you don’t, don’t bother implement the single field, I bet that almost no one is going to use it.
A bit more about UI, User experience and openID
Notice how StackOverflow don’t propose you to create and account without using OpenID. They made their choice: no user account beside OpenID. Usually, when you try to login into a site, you’re getting prompted to enter your login/password or to create an account. Then if you decide to create one, you’re proposed to do it within the site’s user system, and a link invites you to log with OpenID. So in the best case scenario you’re two or three clics away to start registering. Why so much? OpenID option should be there right away, and even if it’s not the only way to login, it should be proposed alongside of the normal registering form, not in a different page. Remember that we don’t want interactions. We want to minimise our interaction. (citation got from a tweet of Leisa Reitchelt at UxLondon 06/09)
Aucun Commentaire, Commentaire ou Rétrolien
Répondre à “OpenID : good and bad practices”