[jasonkester]

How could implementing OpenID and OAuth for Twitter be faster to implement than a User table? Certainly you've built web apps before, and therefore have a login workflow that you can rip out and drop into a new site in the first 5 minutes of development?

One other thing you're missing is that as a new user of your thing, I don't trust you enough to hand across my twitter username or openID. I'm more than happy to create a throwaway account with you, but you're certainly not going to get any information that links my profile with you with my profiles elsewhere.

In short, you're losing a significant fraction of your potential userbase. Right now, since this is the moment when you've got more exposure than you'll ever have again. Spend 20 minutes getting a user/pass thing implemented right now, before the sun comes up in the US, and you'll quadruple your first-day signups.

[alexeckermann]

I agree that might be the case but actually the Twitter and OpenID authentication is much safer.

1) When you authenticate with Twitter or OpenID its all done on Twitter or your OpenID providers site. We cant snoop your credentials at all, you dont enter it on our site. 2) Sure authentication is an easy feature but this way we dont need to ask you for your details again, you let us talk to your service and use your existing information. 3) You can kick us off from your Twitter account from Twitter itself and at any time, see Connections section under settings.

Some people might be conscious about us being able to access your Twitter or OpenID information but its mostly available to the world on these services anyway. OAuth (which is the underlying technology behind this authentication) is being used more and more. It's much better and safer for end users, its just that initial hurdle to get mass adoption. Its the end users decision if they trust the site or not. Most people have trusted us today :)

We cant make any changes to the app whilst its being judged, not one line of code. I do agree that we should look at implementing a base user signup sans-OAuth provider but we cant do anything until Rails Rumble has been judged and voted. It was a 48 hour coding competition with many other developers around the world, see www.railsrumble.com

[jasonkester]

You forget though that you've studied all this stuff. Casual users of your thing won't have.

So when you say "Give me your Twitter username and password", they'll say no. It doesn't matter that it's actually safe. It certainly doesn't sound safe, and that's all that matters.

Argue against it at your own peril. People are comfortable with user/pass.

[dannyr]

I'll argue to the contrary.

Lots of sites use Facebook Connect because it actually drives signups.

Where are you basing your argument that people do not actually want to give their twitter username and password?

In my experience, a lot of casual users do not actually care. We had an email inviter that was used frequently where people actually have to give out their Gmail/Yahoo/Hotmail credentials.

You may be comfortable with user/pass but do not make the assumption that the rest of the world are. You may think you're mainstream but you're probably not.

[bryne]

You're blowing up a straw man. Quite a few people may actually have an active Twitter session and thus no active password entry even occurs. Open it up to Facebook Connect and it's more of the same.

You're comfortable with new user/pass and it doesn't sound safe to you.

[keithpitt]

I see what you guys mean. Hopefully when we can add features agin we'll able to implement these things. We had FB connect, but took it out because we didnt have time to test it enough. We also took out username/password auth because we felt it would complicate things - perhaps not?

[dannyr]

Hey, cut them some slack. This is for a weekend competition and if they think it is faster for them to implement OpenId and Twitter OAuth, it's their choice.

Give them the benefit of the doubt that it makes more sense for them to do this than an email/password authentication.

I don't think they are trying a big push for their site right now so they just need to do enough to make it work.