1) Sites often use OpenID for authentication, but then make you /also/ create a local profile before you can do anything. As a user, it feels like an added extra step of complexity for no reason.

2) I feel a little uneasy about logging in everywhere with one ‘account’:
• It gives the provider (AOL or Google, say) yet another way to track my web usage habits.
• It means that there’s a single point of failure - if someone cracks my password, they can now log in anywhere (I know, this is the same problem as if I use the same password everywhere, but I think that, psychologically, it feels more ‘real’ when the actual sign-in process is also the same).
• Single point of failure in reverse: what happens in the future if I’m using, say, my AIM account as OpenID everywhere, but I decide I want to delete my AIM account?
• When my OpenID ID is used as a user name (which is somewhat necessary to allow, given that the alternative is to go the way of my point 1, which is also annoying), it means that anyone who knows my account in one place can now find my account in any other place.

My logical brain tells me that point 2’s subpoints are mainly just paranoia, but that doesn’t take away the bad feelings.

I think though that if my point 1 were addressed - i.e. if OpenID worked to the extent that I could just go to a new site, log in, do nothing further, and everything worked, the sheer convenience would probably cancel out my concerns in point 2. As it stands, using OpenID (as a user) on an arbitrary site is often more complex than not using it.