OpenID has lost one of its largest proponents. Stack Exchange, the company behind StackOverflow and other Q&A websites, will be completely eliminating support for OpenID on July 25, 2018. This continues a long running trend of websites eliminating OpenID from their offerings.

Joe Friend, product manager at Stack Exchange, cited several reasons for the change. The primary reason is cost; the number of people using OpenID is very small compared to the effort required to keep it functioning. At last count, only 13K users logged onto Stack Exchange in the last 12 months. This is out of over 9.5 million accounts, or “roughly one-tenth of a percent”. He goes on to say even with inactive accounts there is still only 2.9% of users choosing OpenID.

The idea behind a universal login for all websites continues, but that universal login will be controlled primarily by two major players: Google and Facebook. This is in stark contrast to the goal of OpenID, which was to offer a universal sign-in system where no one player was allowed to dominate. In theory anyone could create an OpenID provider and many people made their own rather than relying on a publicly available offering.

Over the years we have seen OpenID providers shut down, much to the frustration of their users. Joe Friend cites two examples of providers they’ve had to remove from their site: ClaimID and myOpenID. Stack Exchange’s own OpenID provider will also be shut down, though the exact timeline hasn’t been published yet.

All of this should raise serious concerns for websites relying on Google or Facebook. What happens if they decide to shut down their universal login services? While removing it completely is unlikely, they could choose to disable universal logins for a particular website for any number of reasons including:

A legal or financial dispute between Google or Facebook and the website

Accusations, real or false, of inappropriate or illegal activity on the website

Changes in the law regarding data use and sharing

Trade disputes between two nations

Censorship of Internet traffic at the national level (e.g. the Great Firewall of China)

While there is no reason to panic, it is essential that any company relying on a universal login provider include contingency plans as part of their overall disaster recovery plan. If login services are unavailable, it can potentially cripple a company for weeks as they develop and notify their users of alternate login options.