Why Hasn't OpenID Caught On? (markevanstech.com)
3 points by buckpost on Jan 8, 2008 | 7 comments


Because the intersection of the sets of people who (a) sign up for more than two websites a year; (b) know and care enough about security to avoid just using the same password on every site; (c) think it's much easier to use OpenID than to just use the "email forgotten password" link; and (d) aren't just using 1passwd or some other password-caching program is apparently really small.

Of course, that's just one of the reasons.


One reason is that there's a very small distance between "I don't care if someone gets in here" (reddit, blog, etc) and "If someone got in here I'd be hosed" (bank, administration stuff, etc). OpenID can handle the former, but since people are using the same insecure password for all those sites anyway, typically, it doesn't matter. OpenID can't handle the latter, because (last I checked) making phishing easy is inherent in how OpenID works.


"It seems to be one of those great ideas that sounds good but never catches on - a lot like BlueTooth."

wtf? I think it's safe to say Bluetooth caught on.


Because most that do catch on take a while, and some good things never do.

Mostly, people don't have a problem with using a username/insecure password. They want stuff and don't care much about security. Although I agree that if Google, Yahoo, MySpace, or one of the other humongous sites accepted it, that would spread the word much faster outside of the geek echo chamber.


No established site is going to want to use that for its authentication system. They don't want to make it easy for you to log into sites other than their own.


I thought Yahoo did accept it?


Because it brings no benefit to anyone. Not to the one who runs the site and not to the one who signs up to it.



