12 practical recommendations for product creators
When account creation is needed, the signup process needs to be as simple as possible. Here are 12 practical recommendations that will help you improve the user experience of the signup and login process.
1. Support Sign in with a social network account & Sign in with Apple
Support sign in with Facebook, Twitter, Google, LinkedIn. This option is easy to implement, and it brings a significant benefit to product creators — it’s possible to get some valuable information about your users from social networks, such as their full name and avatar.
Quick tip: Remember that some employers restrict access to services like Facebook or Twitter in their work networks. As a result, users won’t be able to use your product while they work behind firewalls. It means that social authentication shouldn’t be the only way to sign in to your product.
Sign in with Apple is another great option. Unlike social networks, Apple does not collect private data — data collection is limited to the user’s name and email address. This approach helps users hide their real email address — when a user is asked to provide their email address, Sign in with Apple allows the user to share or hide their email.
2. Don’t use username
When you ask users to think of a unique username, you introduce extra friction. First, all common usernames are likely taken, and users will have to spend some time trying to think of a unique one. Second, chances are the user won’t remember this username the next time they access your service. Use email or phone number as a login.
3. Ask users to follow security rules when creating a password
When users go for a traditional email/password combination, it’s vital to ensure that their passwords are hard to guess. Here are some standard security requirements for user passwords:
- 8 or more characters
- Contains both lowercase and uppercase characters A-Z
- Contains at least one digit
- Contains special characters
It’s recommended to make password requirements visible upfront because it will help users modify their passwords in real time. Make sure that the user can see the requirements the whole time the field is selected. It is particularly important for mobile users.
Fact: Mobile users make more errors when typing in passwords than desktop users.
4. Prevent users from using common passwords
Satisfying the security requirements does not necessarily result in more secure passwords. Users often take real words as passwords and replace some characters with numbers and special symbols. A typical example is the password “P@ssw0rd.” While this password satisfies the security rules mentioned above, the resulting password is weak because it is vulnerable to dictionary attacks.
Prevent users from using a word contained in any dictionary (English or foreign), spelling list, abbreviation list, etc.
Tool: Zxcvbn is an open-source password strength estimator that recognizes and weighs 30k common passwords, common names and surnames according to US census data, popular English words from Wikipedia and US television and movies, and other common patterns.
Motivate people to create better passwords by showing a message that their password is vulnerable.
Or you can follow a more creative approach and show “time to hack” information.
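The gap between recommendations 3 and 4, shown as an added example (not code from this article and not zxcvbn): a check that applies the four composition rules and then undoes common character substitutions before consulting a common-password list. The `COMMON` list, the `LEET` map and the function names are assumptions made for illustration; a real deployment would load a large list.

```javascript
// COMMON is a tiny constructed stand-in for a real common-password list,
// which would hold many thousands of entries.
const COMMON = new Set(['password', 'qwerty', 'letmein', 'welcome', 'iloveyou']);

// Substitutions users typically apply to dictionary words (illustrative map).
const LEET = { '@': 'a', '4': 'a', '0': 'o', '1': 'l', '!': 'i',
               '3': 'e', '$': 's', '5': 's', '7': 't' };

// The four composition rules listed in recommendation 3.
function meetsCompositionRules(pw) {
  return pw.length >= 8 &&
    /[a-z]/.test(pw) && /[A-Z]/.test(pw) &&
    /[0-9]/.test(pw) &&
    /[^A-Za-z0-9]/.test(pw);
}

// Forms of the password to look up: lowercased, with substitutions undone,
// and with leading/trailing digits and symbols stripped ("Password1!").
function candidates(pw) {
  const lower = pw.toLowerCase();
  const deLeet = s => [...s].map(c => LEET[c] ?? c).join('');
  const trimmed = lower.replace(/^[^a-z]+|[^a-z]+$/g, '');
  return [lower, deLeet(lower), trimmed, deLeet(trimmed)];
}

// Returns which checks failed so the form can show a specific message.
function checkPassword(pw) {
  const problems = [];
  if (!meetsCompositionRules(pw)) problems.push('composition');
  if (candidates(pw).some(c => COMMON.has(c))) problems.push('common');
  return { ok: problems.length === 0, problems };
}
```

“P@ssw0rd” passes `meetsCompositionRules` and is still rejected as `common`, which is the case the "your password is vulnerable" message should cover.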
5. Add password strength meter
A password strength meter is a visual indicator that helps users understand whether their passwords are sufficiently strong. It helps you to increase the complexity of your users’ passwords.
Fact: A study conducted by the Microsoft Research team proves that the presence of meters yielded significantly stronger passwords.
There are a few approaches you can follow when creating a strength meter. A simple one is adding a horizontal bar that will indicate the strength. The more secure the password is, the more of the horizontal bar is colored. Designers can use an associative color — red for weak passwords, yellow for average passwords, and green for secure passwords. A nice thing about this approach is that it gamifies the experience of creating a password — reaching the full green bar creates a sense of accomplishment in an otherwise dull task.
6. Allow users to unmask the password
When users create a complex password on the fly, they risk making typos. To minimize the chance of errors on desktop, you need to hide the password by default and place a checkbox labeled Show password next to the input field. When the user clicks on the Show password option, they can see their input string and validate it.
On mobile, it’s recommended to follow a different approach. Since typing is more error-prone on mobile and it’s easy to move the mobile screen out of sight of prying eyes, you should unmask passwords by default and add a “Hide” option. This small usability improvement will minimize the interaction cost for mobile users.
7. Don’t ask users to type email or password twice
Good product design minimizes the interaction cost for users. The rule of thumb of good form design is to create forms with the minimum possible number of fields. The same rule applies to the sign-up form. You need to remove all optional fields, including retype your email and retype your password.
- Email: When users see the retype your email field, they tend to copy and paste the email from the first field, so they can easily end up with the same typo in both fields.
- Password: If you offer Show password option, you don’t need to ask users to type the password twice.
8. Don’t ask users to validate emails right after the registration
It’s possible to make the account creation procedure even more painful if you ask users to validate their email addresses before using a service. It’s even more annoying on mobile because users have to switch to an email app to confirm the email.
In most cases, it’s possible to postpone confirming the email address or tie it to a particular activity. For example, if your product is based on user-generated content, email validation can be a mandatory stop for users if they want to post anything.
9. Use two-factor authentication or an authentication app
Two-factor authentication introduces an extra layer of security. The user authenticates in two steps — they enter their password and then enter the authentication code sent to a secondary device (e.g., mobile phone). Most users feel more secure when two-factor authentication is turned on.
Quick tip: If you want to use two-factor authentication, you should provide the “Trust this device for X days” option. With this option, the user won’t need to type the security combination every time they log in to the app.
Alternatively, you can use secure authentication with a special app. Duo by Cisco is a good example. This app generates authentication codes that users can use to verify their identity quickly.
10. Allow people to use fingerprint or face authentication to login (Mobile mostly)
Biometric authentication in modern products is represented by fingerprint scanning (e.g., Apple Touch ID) and face scanning (e.g., Apple Face ID). This approach provides two major benefits — it’s very secure and doesn’t require user effort (users don’t need to do anything except to allow the app to use biometric data that is already stored on their devices). This way of authentication is particularly valuable for products that use financial data, such as banking apps or apps for investment.
Prediction: By 2024, 66% of smartphone owners will use biometrics for authentication.
11. Support “Forget Password”
Have you ever forgotten a password for a product you use? If the answer is no, you can be proud of yourself because more than 60% of users constantly forget their passwords.
Fact: Forgotten passwords prevent people from making a purchase. 75% of eCommerce users won’t complete their purchase if they have to recover a password while checking out.
Password recovery should be available in every login flow.
Don’t let your users wait a long time to reset a password. Send an email with a password reset link immediately.
12. Support login without password
Give the user an extra option in case they don’t want to type the password. Here are two great examples:
- “Magic Link” by Slack. Instead of typing out a password on mobile, Slack gives users an option to receive a magic link via email. When users click on this link, they sign in automatically.
- “Sign in without a password” by eBay. eBay texts you a code that you can use to sign in.
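The password reset link from recommendation 11 and the magic link above rely on the same mechanism: a random, short-lived, single-use token delivered by email. An added example of that mechanism follows (not code from this article, Slack or eBay); the 15-minute lifetime, the in-memory `pending` map standing in for a database table, and the function names are assumptions.

```javascript
const { randomBytes, createHash } = require('node:crypto');

const TTL_MS = 15 * 60 * 1000;   // assumed lifetime; the article does not give one
const pending = new Map();       // stand-in for a DB table: tokenHash -> record

const sha256 = s => createHash('sha256').update(s).digest('hex');

// Issue a token for a reset link or magic link. Only the hash is stored, so a
// leaked table does not yield usable links.
function issueToken(email, purpose, now = Date.now()) {
  // A new request invalidates any older link for the same account and purpose.
  for (const [hash, rec] of pending) {
    if (rec.email === email && rec.purpose === purpose) pending.delete(hash);
  }
  const token = randomBytes(32).toString('base64url'); // 256 bits from the CSPRNG
  pending.set(sha256(token), { email, purpose, expires: now + TTL_MS });
  return token; // goes into the emailed URL and is never logged or stored
}

// Redeem a token from a clicked link. Returns the email on success, else null.
function redeemToken(token, purpose, now = Date.now()) {
  const hash = sha256(String(token));
  const rec = pending.get(hash);
  if (!rec) return null;
  pending.delete(hash);          // single use, even if the checks below fail
  if (rec.purpose !== purpose || now > rec.expires) return null;
  return rec.email;
}
```

Binding the token to a `purpose` keeps a sign-in link from being accepted by the password-reset endpoint and vice versa.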