Ben Laurie blathering

Federated Login Usability Studies

Over the last few weeks, both Google and Yahoo! have released federated login usability studies.

Google’s proposes a flow very similar to login on Amazon, only changing “I’m a new customer” to “Help me log in” and “Do you have a account?” to “Do you have a password?”. Amazingly, this is enough for users to get themselves logged in without any training.

An interesting data point, though: users found their second login more confusing than the first. This is because they are used to having a password after the first login, whereas with a federated login, the experience is the same every time. Fortunately, although they’re not quite sure what’s going on, what they do ends up with them logged in anyway. My feeling is that if we start doing federated login widely this confusion will soon evaporate.

Yahoo!, on the other hand, focused on OpenID. This seems to have been a much less happy experience for users, which certainly comes as no surprise to me – it’s always been clear that the average user is not going to understand the idea of logging in with a URL. Plus, they’re damned unwieldy (i.e. big and hard to remember). So, their conclusion was one that doesn’t scale well: use per-IdP buttons.

This backs up my view that OpenID will never really work until it uses email addresses as user IDs.


  1. I believe that openid can only work if Relying Parties start whitelisting a reasonable set of well established openid providers. The only way a user can understand openid without being trained is to present them with links that say “sign in with your yahoo account” which takes them to yahoo’s openid login. This clearly doesn’t scale to more than a few OPs, but who doesn’t have either a hotmail, aol, yahoo or google account. The current open ended openid is laughably clunky and is geared toward a negligible portion of Internet users known as “super geeks”.

    Comment by max — 21 Oct 2008 @ 1:05

  2. With history sniffing (admittedly a shady practice) you could show one (or a small number) IDP-specific login button for an IDP that the user already uses. e.g. if you know the user has a Google account, show a “log in with Google” button.

    Comment by Wes Felter — 24 Oct 2008 @ 20:25

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress