by antninja 5192 days ago
SSO is good for free apps. If I built a premium app, I would be reluctant to rely on Facebook or Twitter to protect my customers' paid accounts or the access to their credit card numbers.
2 comments

Totally reasonable. And as a social networking Luddite, I also appreciate you being hesitant to cut me out of your pool of potential customers in punishment for the offense of not already being a customer of an unrelated company.

But in turn, I might be reluctant to trust you with my credit card numbers. And to be honest I do get sick of having to come up with more un/pw combinations to remember.

What I'd really like to see more of is using OpenID for third-party authentication, and also some third party (I hate to say PayPal, but... PayPal) for financial transactions. Because it does save both of us from having to navigate that whole quagmire of trust & authentication yet again.

Not to mention that if you did then I couldn't log in from the office.

All valid issues, but none of them blocking IMO.

1. You'd certainly have to choose the right sources for SSO. I'd say people usually trust their Google account, so that's a good start (and Google does payments, so they make sure to keep it tight). Then go from there; I'm sure other dominant platforms have similar offerings.

2. You can provide an alternative set of credentials. HN is an excellent example. You can log in via id+password, OpenID or clickpass.

3. I will resist signing on until I know you (your application) better. It is more effective to get my attention first (with something like a limited intro, showing what it's about) and once I get hooked, present the payment options. Putting up a pay wall before showing anything is putting me off. Start with light authentication and then add to it once money enters the game.

PS. Requiring users to create new credentials also results in the "one password for everything" phenomenon that's so prevalent. I very much doubt that that will increase security. I'm more inclined to believe that it will do the opposite, as your service will most likely get the less secure/shared password from the get-go (remember, your customers don't know how much they will value you later on).