The other day I wanted to log in to my StackOverflow account. I was presented with this screen: http://i.imgur.com/SwuVJ.png

Shoot, did I previously log in to SO with my Google account? With my Facebook account? How can I remember? Or maybe, I created a "myOpenID" account? After trying various combinations, I became frustrated by the error "No OpenID endpoint found."

Finally, I ended up spending twenty minutes digging through my old e-mail to figure out that I did, in fact, create a dedicated OpenID account at myopenid.com.

It turned out, for some ungodly reason, that I have to enter my OpenID as "http://<my username>.myopenid.com/" -- I would not have ever guessed this.

As a developer, I can appreciate the motivation behind OpenID. But the execution is simply frustrating.



I don't get why people create a ton of OpenID identities, then use them in a way where they can't remember which one they used where. I have one "main" OpenID URI per identity (with several "backup" ones, which I use on sites that allow me to associate multiple OpenID URIs with the account) and have never experienced this kind of problem.

OpenID is fine in this regard. The root of the problem is the lack of a site with a short and concise explanation of what OpenID is, and best-practice tips on how it should be used. With all contents in the public domain or under a very non-restrictive free license.

Also, I'd note that the problem you mention is the same for passwords/passphrases. I.e. you have to remember whether you used one password generator or another (I, unfortunately, have two, because way-too-smart sites decided they won't accept some non-alphanumeric ASCII characters, so passwords made by the first one, while secure, weren't allowed), or whether the site was a special case where you typed a man-made password. "Did I use my X password here? Or my Y password?" - it's exactly the same.


If you forget your password, you can generally have the site reset it for you, as long as you have your email. You can't have the site tell you which OpenID endpoint you used, though.

That you think OpenID fails because there is no concise explanation of best practices and tips is damning enough. Most users aren't going to read that stuff.


> as long as you have your email

Email is exactly the same as OpenID in this regard. Your forgot-which-OpenID-was-used could be compared to forgetting which email address was used. And this is, actually, common. It's just hype that everyone's talking about OpenID - totally forgetting that traditional systems have the same problems.

If you're doing it right - by having one primary OpenID URI (per identity) - you won't really forget what your OpenID is.

> Most users aren't going to read that stuff.

Neither passwords nor OpenID were ever intended to work around this kind of problem. And I doubt there's any solution at all. Users will always forget all sorts of things, use and reuse totally insecure passwords, keep their backdoor wide open with silly "password recovery" questions anyone could guess, leak all kinds of sensitive information and whatever else they could do wrong.

Sadly, "OpenID sucks" became a meme. And this is the main reason why OpenID sucks now.
