If you're implementing Facebook Connect on your own site, you should make sure you offer people the option to later set up a username and password for their account (or associate another OpenID or similar) to avoid this exact problem.
Facebook makes it very easy for everyone. As a developer, there is a place in the Facebook Connect settings to put a url that they will send the user's id to in the event that the user disables their Facebook account but wants to keep their account with your site.
That is a good idea. I set up a customer's portal to use FBC last year and as impressed by how simple this was. It would be easy to implement your secondary login idea, so I'll probably do this in the future (or at least suggest it).
I see this often, and I don't get it. I go to a site that accepts OpenID and click the button. If I'm already signed in to OpenID, I'm in. If not, my OpenID provider's page pops up, I sign in, and I'm in.
Are other OpenID experiences not that simple, or am I so out of touch that I don't recognize that "OpenID is hard!"?
Given that the average Internet user is much closer to "Googles [facebook login] to get into Facebook and assumes the first result is right" than they are to "Implemented OpenID for their day job", and that I'm in the second group and still can't reliably speak about the subject without having a glossary in front of me, I'm thinking if you even have to say "OpenID provider" you've already lost.
The vast majority of OpenID sites require people to type in or copy/paste a URL. And most people haven't set up or don't know that Yahoo and Google and whoever else can provide OpenIDs.
Seriously, Facebook Connect and Sign In With Twitter (not as seamless, but decent) are much, much better flows than any OpenID implementation I've ever seen.
I like that GUI, but it is unclear what your username is for if the password is not given to you. I think you mean that the password is given by the login provider, but then does that mean the user has two loginid's with you? [One for you and one for the provider] I am not the user who thinks you should google for your facebook account, but unfortunately I guess I am a bit confused! I wish I weren't because I really like the OpenID idea and haven't had troubles with the GUI myself... except it does take more screens it seems.
I see the problem. Your username is a way for people to identify you on the site. Usernames are unique. For example my profile would be on http://singleforest.com/users/epochwolf and all comments I make would have my username (epochwolf) on them.
I can definitely make this more clear on the registration pages.
Seems particularly troublesome because of cascading failure, not just when deliberately deleting your own account. Facebook regularly suspends accounts for all sorts of reasons, and I'm not sure there's enough transparency and oversight in why and how they do it, and what the process is for getting access restored, to trust them as an general-purpose authentication gatekeeper.
What do you think about the Twitter Sign-in API? I like that Twitter involves delimited, public information, so linking it to other accounts may be less problematic.
I don't use it either; I've never really thought much about it, but part of the reason is certainly because I don't want to tie anything I'm doing online irrevocably to FB.
Twitter OAuth is analogous, though I'm much less cautious about using that. I see twitter outlasting FB, but I've been wrong before...
I'm trying to use as much OpenID as I can. But I don't have to trust my openid provider (myopenid) to stay forever. I have my own domain, and I have amazon S3 account. so I just cnamed id.mydomain.com to S3 and uploaded a simple OpenID delegation file to S3 which is now accessible at id.mydomain.com/vitaly which is the url I use to signup for services. If I ever decide to leave myopenid (and I started thinking about switching to google, since I'm always logged into gmail) I can just switch the text file and it will just work.
