To OpenID or not to OpenID? Is it worth it?

Question

Does OpenID improve the user experience?

Edit

Not to detract from the other comments, but I got one really good reply below that outlined 3

Answer 1

Well the promise of OpenID is a single sign on for multiple websites. The issue is that it's still pretty obscure from a mass-market perspective. I personally would not implement it in a broad customer-facing application just yet.

Answer 2

It seems to me it is easier and faster for the user to simply enter a username and password in a signup form they have to go through anyway.

I think, on the contrary, that often it's easier and less of a hassle if the user can login with his existing OpenID, instead of creating separate credentials for every site. (Isn't that the main point about it.)

Answer 3

OpenId has been challenged because it is a new and unfamiliar concept. In many ways it should have been called "OpenPassword" because the main benefit is controlling a bunch of logins to many sites with a single password. However it is more than that because you specify one quantity and it says both who you are, and proves it.

I know some very experienced computer scientists who were completely thrown when introduced to the concept -- couldn't really see right away how it was secure like entering a password. Because it is called "OpenID" they thought it was just an unsecured name. I mention this because this challenge to understand is significant.

Facebook Connect is the exact same thing -- and it works simply because there are 1 billion people with Facebook accounts, and they tend to stay logged into Facebook all the time. What the facebook guys did well is the user interface, and those implementing OpenID need to take a lesson from that.

The second big mistake I see developers make is thinking that because login is handled some other place, that there is no need for a user profile either. That is incorrect. Each program using OpenId still needs to take responsibility of keeping information about the user EXCEPT for password. The password is the only piece of information that the relying site does not need to keep. Again, there is that "OpenPassword" silly idea again.

I think it is a GIVEN that OpenID will be successful once (1) the general public gets used to this idea of linking a login to another site and (2) OpenID implementors get the user interface right to avoid much of the complication.