What do you think about automatically creating a user account without letting the user set the password initially?
What flow follows? i.e. at what point would they create it?
Can I ask why you’re thinking about this an option?
This is described in more detail here:
I think SSO option is becoming de facto standard.
IMHO, this post: “Single Sign-On: The One-Click Growth Hack You’re Not Using” explains it very well.
As a regular user, I always use SSO. Most apps offer other option as well. This gives user flexibility to choose which one fits best.
Coggle is good example for register without setting password. Coggle doesn’t offer any option but Sign in with Google
Sign In Page
For example I share images of Coggle example. Why did I do this? Because I know that mobile users don’t like shifting between websites and They don’t like filling up form as well.
Luke Wroblewski, author of Web Form Design: Filling in the Blanks book, also have same opinion.
By the way, this video is part of Building High Conversion Web Forms course. (It’s free)
But I wouldn’t just offer SSO to user. In fact there’s already a pattern. Let’s check two websites all together.
Creating an experience similar to these examples will also support consistency and standards which’s one of 10 Usability Heuristics for User Interface Design.
Lastly, there’s one slight difference between two signup form above. Datacamp lets you sing up even with signin button however, Udacity don’t. I think Datacamp’s approach is better.
I think you have some really excellent points here.
Personally, my biggest problem with SSO isn’t a design issue. Rather, I worry about security and ethical data use. The type of logins you’re liable to use for SSO are much larger targets for attack than most sites, and data breaches with these larger sites have occurred.
Secondly, there’s an ethical concern with allowing FB, Google, Twitter, etc. to gather, analyze, and sell data about customer site use that bothers me. FB in particular has been in the news recently and in the past for their unscrupulous use of user data, and I feel that we as an industry have a duty control how our users data is gathered and maintained to the best of our abilities. Ceding login control to these SSO options means ceding that ability to understand how our users data is being gathered, and to what extent.
Some people love these patterns and others hate them. Sadly, very few people take password security seriously (esp people of our parents’ generation) so SSO options allow them to propagate their weak passwords right across their internet presence.
I think the key here (as with most aspects of our work) is to give people the choice so that they can do what makes them most comfortable.
Thanks for your inputs!
@zehir thanks for the great input on SSO!
I think that the context of the application in question is not suitable for SSO with social platforms. It is a legaltech / financial service and we need to ensure a level of data protection along with the upcoming GDPR requirements. IMO the raised level of comfort does not justify the use of SSO for a service where financial transactions are involved.
Right, so we follow a similar workflow with our product (this product) in certain circumstances. If SSO isn’t enabled, admins can invite other users to join the community via email. The email asks them to choose a username and specify a password if they want to but they can proceed by clicking a link, getting a verification email, clicking that link and being auto-logged in.
If at any point they then want to log in not via an email they have to set a password.
It works fine.
Medium.com is another example of a website with a no-password policy.
You cannot set any password there and this is considered good by many.
Thanks, @yannisc, I didn’t know that specific registration process, although I do read medium regularly (what a shame )
@HAWK Yes, pretty much what I meant.
The product went live in the meantime as described (no password set during account creation) and so far the perception by users is good. I expected more hiccups and confused users, but real world data shows that the users are adopting quite fast to this new login. I say “new” at this point, since a previous version has been replaced - partly in response to GDPR requirements.
This is a great question, and one that would be relevant to look at your user base–especially regarding demographics and geo/location. It will be interesting to see how each login process performs within these two areas. In general, of course, there are always challenges with the login screen and registration. I like this piece from UsabilityGeek which explains clearly some login best practices.
yes, i totally agree that single sign-on is really useful and comfortable, definitely worth it to implement it!