The authors pose a very pertinent question: Why do users reject OpenID, a Web single sign-on (SSO)? As a user who rejects OpenID SSO, I am prompted to ask why users would want to deploy this method in the first place?
It is important to note that the authors are advocates of SSO. They’d rather blame users for the failure of OpenID than acknowledge a healthy distrust of demands for personal data access. The findings from their first empirical study suggest six reasons for user distrust:
- (1) Subjects prefer their existing password management strategies.
- (2) Subjects have concerns about a single point of failure.
- (3) Subjects rightly or wrongly believe that the OpenID credentials are being given to the content provider.
- (4) Half of the subjects were unable to detect a fake Google login even when prompted.
- (5) Many subjects are simply uncomfortable about consenting to release their personal profile information.
- (6) Many subjects expressed concern with using SSO on Web sites that contain valuable personal information or are perceived as untrustworthy.
However, the authors suggest that with a more intuitive login page and more visible indications of privacy control, the study participants would use Web SSO solutions on the Web sites they trust.
The authors next describe a Web interface they developed to increase user trust of SSO, and present results from a second study of 35 subjects. Although they found increased user acceptance, they continue to blame users for the following: having incorrect mental models; preferring weak passwords; and failing to accept that data collection for user profile development is somehow necessary.
However, the authors fail to address the long-term privacy and safety of user profile data. There is no mention of potential changes in legislation, or issues resulting from the liquidation or takeover of companies that have substantial user data in storage. Nor do they address international differences in legislation. I am not convinced that a Web SSO has advantages for safe Internet use, especially for those who may be vulnerable.