I love the OpenID concept, but here are three major problems IMO:
1) Will users remember an URL? Users already have enough problems remembering their own email addresses! And I don't think the "users are familiar with URLs" assumption is true: I've seen over and over non-tech users actually using Google as an address locator (that is, typing "Yahoo Mail" on the Google search box to access Yahoo Mail).
2) The phishing issue is a show-stopper, and convincing users to download a plug-in or install a client cert is simply not feasible. I don't see how they will fix this issue, unless if they convince Firefox and IE to provide an out-of-the-box fix (like a pre-installed plug-in or an open id CA cert)
3) It's not like user management is a huge pain from an implementation standpoint. And right now the risks of outsourcing user management to OpenID is higher than doing it in-house.
This claim is quite misleading. How many of those 100 million users are actually using OpenID? I suspect a majority of those are AOL accounts. Is AOL actively promoting OpenID among its users?
UPDATE: I just noticed kmt (post above) asked the same question, sorry for the double comment.
1) Will users remember an URL? Users already have enough problems remembering their own email addresses! And I don't think the "users are familiar with URLs" assumption is true: I've seen over and over non-tech users actually using Google as an address locator (that is, typing "Yahoo Mail" on the Google search box to access Yahoo Mail).
2) The phishing issue is a show-stopper, and convincing users to download a plug-in or install a client cert is simply not feasible. I don't see how they will fix this issue, unless if they convince Firefox and IE to provide an out-of-the-box fix (like a pre-installed plug-in or an open id CA cert)
3) It's not like user management is a huge pain from an implementation standpoint. And right now the risks of outsourcing user management to OpenID is higher than doing it in-house.