Yahoo OpenID Usability Research
OpenID is a Single Sign On protocol that enables users to authenticate at websites using
their Yahoo IDs. Unlike the traditional web login experience where users authenticate by typing
in their username and password, users sign into an OpenID Relying Party by typing in their
OpenID URL, and after a series of browser redirects and interstitial screens, the user returns back to the
Relying Party in an authenticated state.
Yahoo conducted usability studies in July 2008 to understand the Yahoo user experience while navigating
the OpenID journey from the Relying Party to Yahoo and back. The participants were all
experienced Yahoo users who were tasked with signing into to a 3rd party site using their Yahoo IDs
without having to create a new account for the site.
OpenID Usability Research
Help users discover the OpenID utility
- Promote the utility, not the technology. To reach the majority of users who aren't familiar with OpenID as a technology, promote the ability to log in using an existing account, not "OpenID" itself.
- Yahoo users respond well when informed that they can login to a new site using their Yahoo Account. Displaying a Yahoo Sign-in Button is an effective way to reach out to potential new users who already have a Yahoo ID.
Clearly support different login options
- Many users were confused by Login screens which contained both
the traditional username/password login form, and the OpenID URL textbox.
Some users thought that they needed to enter a username,
password, and an OpenID to sign in. To reduce confusion, we recommend that
Relying Parties clearly indicate that users have a choice of logging in using
traditional methods, or by using an OpenID
Return users immediately to the task at hand
- OpenID is a means to an end. For users enabling their OpenID for the first time, keep text and the number of steps to a minimum. Do not distract them with additional options (e.g. setup of custom identifier) that may take them off course.
- Once the user has authenticated successfully, the Relying Party should return them directly to the target page without derailing them by requiring additional registration steps.