Yahoo OpenID Usability Research

OpenID is a Single Sign On protocol that enables users to authenticate at websites using their Yahoo IDs. Unlike the traditional web login experience, where users authenticate by typing in their username and password, users sign in to an OpenID Relying Party by typing in their OpenID URL. After a series of browser redirects and interstitial screens, the user returns to the Relying Party in an authenticated state.

Yahoo conducted usability studies in July 2008 to understand the Yahoo user experience while navigating the OpenID journey from the Relying Party to Yahoo and back. The participants were all experienced Yahoo users who were tasked with signing in to a third-party site using their Yahoo IDs without having to create a new account for the site.

OpenID Usability Research

Best practices

Help users discover the OpenID utility

  • Promote the utility, not the technology. To reach the majority of users who aren't familiar with OpenID as a technology, promote the ability to log in using an existing account, not "OpenID" itself.
  • Yahoo users respond well when informed that they can log in to a new site using their Yahoo Account. Displaying a Yahoo Sign-in Button is an effective way to reach out to potential new users who already have a Yahoo ID.

Clearly support different login options

  • Many users were confused by login screens that contained both the traditional username/password login form and the OpenID URL textbox. Some users thought that they needed to enter a username, a password, and an OpenID to sign in. To reduce confusion, we recommend that Relying Parties clearly indicate that users have a choice of logging in using traditional methods or by using an OpenID.

Return users immediately to the task at hand

  • OpenID is a means to an end. For users enabling their OpenID for the first time, keep text and the number of steps to a minimum. Do not distract them with additional options (e.g. setup of a custom identifier) that may take them off course.
  • Once the user has authenticated successfully, the Relying Party should return them directly to the target page without derailing them by requiring additional registration steps.