I love the OpenID concept, but here are three major problems IMO:

1) Will users remember an URL? Users already have enough problems remembering their own email addresses! And I don't think the "users are familiar with URLs" assumption is true: I've seen over and over non-tech users actually using Google as an address locator (that is, typing "Yahoo Mail" on the Google search box to access Yahoo Mail).

2) The phishing issue is a show-stopper, and convincing users to download a plug-in or install a client cert is simply not feasible. I don't see how they will fix this issue, unless if they convince Firefox and IE to provide an out-of-the-box fix (like a pre-installed plug-in or an open id CA cert)

3) It's not like user management is a huge pain from an implementation standpoint. And right now the risks of outsourcing user management to OpenID is higher than doing it in-house.

A 100 million users can't be wrong

63M of those are AOL users: http://dev.aol.com/aol-and-63-million-openids

Those OpenIds were created automatically. What percentage of those AOL users do you think even know what OpenId is?

You don't need to know the name of something to use it. I think OpenId is going to become like an email address.

This claim is quite misleading. How many of those 100 million users are actually using OpenID? I suspect a majority of those are AOL accounts. Is AOL actively promoting OpenID among its users?

UPDATE: I just noticed kmt (post above) asked the same question, sorry for the double comment.

Who here actually has an open id? I don't know anyone with one.

I am seriously considering getting one. Its also interesting how seem to have parallel systems. An OpenId system running alongside a login systems as we know it.

I guess thats a critical mass. Enough to make you think hard about allowing people to log into your app with open id.