There are just short of 1.3 zillion OpenID concerns out there (no, seriously–I counted), most of them well-intentioned but overblown. And most of them are just as applicable to username and password. The biggest difference is that everyone has experience with username and password and knows all of the best practices for dealing with them. Unfortunately, OpenID is still young, and so the best practices are still evolving.
Habari developer Owen Winkler over at Asymptomatic describes how, after spending months away from Zooomr, he has forgotten which OpenID he used to sign up.
I had the same thing happen to me (maybe even more than once) before I got the hang of the whole OpenID thing. Now that I have the hang, though, I’m far better off because I get to use the same username everywhere instead of discovering that “sblom” is already taken or that they require at least 6 letters and having to choose “sblomqui” or “sblom000” or something else entirely.
However, there will always be new users on a site who don’t yet have the hang of OpenID and who haven’t yet settled on a favorite OpenID URL to use everywhere. They’re bound to forget which OpenID they used to sign in from time to time. This is where best practices come in. The OpenID wiki has a good and growing collection of OpenID Relying Party Best Practices. Among other things, it says the right thing to do is to let users use the email address on file with the Relying Party to change which OpenID is associated with their account, in case they have lost access to their OpenID or forgotten which one they used.
Owen, I’d be happy to help you out by explaining to Zooomr how to behave appropriately as an OpenID RP.
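A sketch of the email-based recovery practice described above, added here as an illustration; it is not code from this post, the OpenID wiki, or any OpenID library. The `RelyingParty` class, its fields and the 15-minute lifetime are hypothetical, and the OpenID login that verifies the new identifier is assumed to have happened before `rebind` is called.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a recovery link stays valid (assumed policy)

class RelyingParty:
    """Hypothetical in-memory RP account store, for illustration only."""
    def __init__(self):
        self.openid_by_account = {}  # account id -> bound OpenID URL
        self.account_by_email = {}   # email on file -> account id
        self.pending = {}            # sha256(token) -> (account id, expiry)
        self.outbox = []             # (email, token); stands in for sending mail

    def register(self, account, email, openid_url):
        self.openid_by_account[account] = openid_url
        self.account_by_email[email.lower()] = account

    def request_recovery(self, email, now=None):
        """Mail a single-use token to the address on file, if there is one."""
        now = time.time() if now is None else now
        account = self.account_by_email.get(email.lower())
        if account is not None:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[digest] = (account, now + TOKEN_TTL)  # store hash only
            self.outbox.append((email, token))
        # Same reply either way, so the form does not reveal which emails exist.
        return "If that address is on file, a recovery link has been sent."

    def rebind(self, token, verified_openid, now=None):
        """Bind a new OpenID to the account the token was issued for.
        verified_openid must come from a completed OpenID login (not shown)."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop makes the token single-use
        if entry is None or now > entry[1]:
            return False                        # unknown, reused or expired
        account = entry[0]
        owner = next((a for a, u in self.openid_by_account.items()
                      if u == verified_openid), None)
        if owner not in (None, account):
            return False                        # identifier belongs to someone else
        self.openid_by_account[account] = verified_openid
        return True
```
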