Missed It!

Puddy Cat

Today Reader showed me a posting that Sourceforge was now using OpenID. I headed over to the login page and sure enough there was an entry field for my URL. I immediately identified myself, and when I returned to SF, I was presented with a button stating that pressing it would create a SF account.

This is Excellent.

Then, when I pressed the Create SF Account button, I was presented with a standard registration form, the top half of the form pre-populated with identification that was pulled from my OpenID registration. Towards the bottom of the page I saw fields for passwords, confirmations and a super secret question one could only suppose would help me recover the above password.

Idiots!

Top marks for Marketing and Promotion, but no score for Creativity, Usability or THE POINT. OpenID's sole purpose is to leave the responsibility of the identity at http://wes.devauld.ca in my hands. Using only the registration portion of the specification is like clapping with only one hand.

It's broken.

The architecture supports the idea of fewer passwords, super secret questions and usernames. What SF has implemented is a methodology of reserving usernames, and again instituting the archaic standardized practices that have been forged for usernames and passwords. The super secret password is the worst practice to spread over the network.

The more places that know my Mother's maiden name, and where I was born, the less I need to be socially manipulated for that information. It is like when the bank asks for your passwords. You either use the same one everywhere because it's easier, or you forget it and you have to go the long way around verifying who you are. Why not use OpenID for its intended purpose? Set up a single online identity that fits in a text box and leave the responsibility for passwords, resets and secret questions in my hands.
