I'd probably be okay using a common login for something like that. What I look at is how much damage someone could do (and how much stress and grief it would cause me) if my credentials were compromised.

It's funny that you mention Stackoverflow as they did a sort of analysis on the whole OpenID login thing, which you can find here.

I for one don't really use that option when it's available because I prefer having an unique password for each website I have an account with, as well as providing different email addresses for each one (the advantages of Google Apps for domains, I can have *@host.com and they all get dumped into an account which then sorts them into folders by the first part of the email).

Honestly, I think you're better off ignoring OpenID and going with a specific implementation such as Facebook Connect, as more people have a Facebook account than an OpenID provider (or better said, few people know they generally have an OpenID provider).

Well, thanks for all the feedback.

Guess I'll be implementing regular login and maybe implement OpenID on the side as an afterthought.

I think a lot of the concerns expressed here comes down to singling out an OpenID provider (there are many) that you trust.

Personally, I'd be inclined to use such a solution (openID) for anything that is not of vital importance (a gaming website, even one that charges for it's usage, would fall into that non-vital category).

However, I recognize that some of the concerns presented here will mirror some of the concerns potential users will have and it is to them that I am catering to.

Side note: My main concern at this point with most form of online authentication is that lack of association between it and RL identity (nothing approaching the reliability of your driver's license here). Hopefully, this will be addressed as some point in the future, if governments start cooperating to find a lasting solution to that problem.

I disagree with you there.

Personally, I have a yahoo and gmail account, but no Facebook.

At least, OpenID gives the user some options there and I'll want to make sure that my users have those options.

I would never take a path that would tie me down so tightly with a singular commercial provider.

This is consistent with some of the decisions I've made so far (for example, moving away from Windows and going with Linux).

true there is none really... on the bright side some email sights only allow logins is you supply a special code that sent via SMS to your phone... its a nice 2nd step auth... pain in the but but worth it in the end...

now, lets talk about Windows 8 -- you cant even login without a windows live account and there tied to each other... thereby negating serial keys and such... but what happens if you lose your live account thats tied to all your M$ software? very very unsafe imo...

And everything Xbox, Zune, Windows Phone, Microsoft Store related. :/

I'm sorry but that's not true. You have the option to connect you Windows account to your Live account (and login with the Live one) which allows you sync for certain settings of Windows and even some applications, but it's not in any way default nor is it required.

only had a few hours at work to play with it.. it was enough for all of us to decline the OS in its current state... we have a timeline to try again in 6 months post release