I was setting up OpenID for a Drupal site and realized that nobody is going to know how to use it. The link “What is OpenID?” goes to OpenID’s home page, which greets visitors with a Big Wall of Text that nowhere explains what to put in the little OpenID text box. Yahoo did a “usability study” (it only asked 9 people, all women in the same age group!) that suggested that non-tech users have no clue what OpenID is or how to use it. In fact, a quick search found many tech people who had no clue what OpenID is meant for. This is yet another example of tech people not knowing how to communicate with those outside their tiny circle.
OpenID is simple and useful. Right now most people use the same username & password to create accounts on every random website they visit. With OpenID you use your account from Yahoo (or Facebook, Google, etc.) as a badge to quickly enter a new site. The site creates an account for “email@example.com” without ever asking for your username or password; it only learns that your provider vouched for that identifier, and not much else about you. From now on, when you log into Yahoo you are automatically logged into every other site that you’ve connected with OpenID. This is called “single sign-on”.
The current situation is intolerably insecure. Since most people are using the same username & password, a hacker site could collect your info and try it on every major site out there. They are bound to break into many accounts. OpenID reduces this problem because rogue sites won’t have any useful information about you (though they can still try a phishing attack). OpenID is more secure than existing practice for signing into multiple accounts.
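To make the two points above concrete (the new site never sees your password, and a breach of it or a rogue copy of it yields nothing reusable), here is a small simulation of the sign-on flow. This is an added example written for this post, not code from the original article or from the OpenID project, and it is a simplified model, not the real OpenID wire format: the provider and the relying party share an HMAC key (standing in for the protocol's association step), and the provider hands back a signed assertion that carries only the identifier. The names `yahoo.example`, `drupal.example` and `email@example.com` are constructed.

```python
import hashlib
import hmac
import secrets
import time


def _canonical(fields):
    """Deterministic byte string over the signed fields (sorted key:value lines)."""
    return "\n".join(f"{k}:{fields[k]}" for k in sorted(fields)).encode()


class IdentityProvider:
    """The site you already have an account with (Yahoo, Google, ...).
    It is the only party that ever sees or checks the password."""

    def __init__(self, name):
        self.name = name
        self._users = {}   # identifier -> (salt, PBKDF2 hash); never leaves this class
        self._assoc = {}   # association handle -> MAC key shared with one relying party

    def register(self, identifier, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[identifier] = (salt, digest)

    def associate(self, rp_name):
        """Establish a shared MAC key with a relying party (simplified stand-in
        for the association step of the real protocol)."""
        handle = f"{rp_name}:{secrets.token_hex(8)}"
        key = secrets.token_bytes(32)
        self._assoc[handle] = key
        return handle, key

    def authenticate(self, identifier, password, handle, return_to):
        """Check the password here and hand back a signed assertion that
        contains only the identifier, never the password."""
        if identifier not in self._users or handle not in self._assoc:
            return None
        salt, stored = self._users[identifier]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, stored):
            return None
        fields = {
            "claimed_id": identifier,
            "return_to": return_to,          # which site this assertion is for
            "assoc_handle": handle,
            "nonce": secrets.token_hex(16),  # lets the relying party reject replays
            "issued": str(int(time.time())),
        }
        sig = hmac.new(self._assoc[handle], _canonical(fields), "sha256").hexdigest()
        return {**fields, "sig": sig}


class RelyingParty:
    """The new site being logged into. It holds an identifier and a MAC key,
    so a breach of its database yields no password to try elsewhere."""

    def __init__(self, name, provider, max_age=300):
        self.name = name
        self.max_age = max_age
        self.assoc_handle, self._mac_key = provider.associate(name)
        self.accounts = {}        # claimed_id -> local profile (no credentials)
        self._seen_nonces = set()

    def login(self, assertion):
        """Verify the provider's assertion; on success create/return the local account."""
        fields = {k: v for k, v in assertion.items() if k != "sig"}
        if fields.get("assoc_handle") != self.assoc_handle:
            return None
        expected = hmac.new(self._mac_key, _canonical(fields), "sha256").hexdigest()
        if not hmac.compare_digest(expected, assertion.get("sig", "")):
            return None                                  # tampered or forged
        if fields["return_to"] != self.name:
            return None                                  # assertion meant for another site
        if time.time() - int(fields["issued"]) > self.max_age:
            return None                                  # stale
        if fields["nonce"] in self._seen_nonces:
            return None                                  # replayed
        self._seen_nonces.add(fields["nonce"])
        self.accounts.setdefault(fields["claimed_id"], {"first_login": fields["issued"]})
        return fields["claimed_id"]


def demo():
    """Walk the flow once and report what the relying party ended up holding."""
    yahoo = IdentityProvider("yahoo.example")                 # constructed names
    yahoo.register("email@example.com", "correct horse battery staple")
    drupal = RelyingParty("drupal.example", yahoo)
    assertion = yahoo.authenticate("email@example.com", "correct horse battery staple",
                                   drupal.assoc_handle, "drupal.example")
    user = drupal.login(assertion)
    return {"logged_in_as": user,
            "assertion_fields": sorted(assertion),
            "rp_account_store": drupal.accounts}


if __name__ == "__main__":
    print(demo())
```

The relying party's checks are the ones that matter for the "rogue site" argument: the signature binds the identifier to this site's association key, `return_to` stops an assertion issued for one site from being presented to another, and the nonce and age limit stop a captured assertion from being replayed. None of this protects against a phishing page that imitates the provider's own login form, which is the residual risk the paragraph above notes.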