This is a tougher, though nevertheless more annoying subject. If a web-store requires you to ‘register’ (the most horrible word to be chosen for the procedure; do you smell the bureaucracy and finality coming with it ?) or not: A vendor always needs a way to keep track of your particular order to make sure it is processed accurately right until it reaches your door.
The easiest and most secure way to do this, is to assign it a unique identifier — and by definition your e-mail address just is one.
So the question to register (let’s stick with the word, for understandability’s sake…) or not, actually is not about if you are to create an account at all, but if a new account is being created with one and the same shop for every single order you place. May the latter be appreciated by the more privacy aware shopper, the advantages in information protection will likely shrink somewhere close to zero by the time you are to enter the shipping address; at least if you forgot to repeatedly relocate between two orders.
On the other hand registration usually comes with the added benefits of being notified when your order is shipped or if an ordered item probably went out of stock unexpectedly. Concepts for more privacy-saving delivery options are being discussed further down into this article series.
So if registration is basically about identification:
What the heck makes us register freshly with each and every website we use ? Do you carry a different passport with you for every country you go to ? Or a different credit card for every shop you buy from ?
The issue here obviously is less a lack of unique identifiers (remember that e-mail account…), but the absence of standardization and trustability.
Also the increasing number of available password wallets, from the simple ones built into most any webbrowser, enhanced by more advanced add-ons like Sxipper tell us that the customary concept of creating new accounts with secure user-and-password combinations for every single website has quite well exceeded its peak level.
Battling the growing number of phishing attempts, alternates just started to emerge within recent years, as industry giants like Yahoo!, Microsoft and Google announced their support for a new, now becoming even more popular and widespread, browser-based authentication system named OpenID. Its core idea is based on third party credential-verifying and goes pretty much like: “I don’t necessarily trust you to be able to drive a car, but I will trust the local administration if they give you a driver’s license.”
Online for instance, a web-shop owner may not trust the billing address his prospective customer provides. But if the client’s bank confirms, that this is the address they had successfully sent him his new credit card to, the vendor may trust them that they have verified it.
With OpenID you may only own one account with an organisation
you trust, and which in return is willing to provide third parties credentials they trust to confirm your identity as required by their business processes.
This doesn’t come without added benefits: By accepting their customers to log-in using OpenID, vendors get beautiful and trust-sparking co-branding opportunities with household names on the internet. Just take this button as anexample.
So logging in to an e-commerce site is likely to become a push-of-a-button experience quite soon.