9 Ways to Make Login Walls Suck Less
Login walls affect app growth. What should you track? Compare delayed vs. upfront logins, guest access vs. forced password recovery, social logins, biometrics, and more.
Join the DZone community and get the full member experience.Join For Free
Logins and Identity
We identify ourselves to numerous apps using our email addresses, usernames, phone numbers, and authenticate ourselves with passwords, PINs or passcodes, to gain access to an individualized, secure, and a private experience across the devices we use. We also use social logins like Facebook Login, Sign-in with Slack or others across our apps. We use the Chase mobile banking app, the Spark email app, the Slack app to collaborate with teams and customers, or the Telegram messaging app to keep on top of messages between people and bots (see the Pyze article on messaging apps). These are all examples of the scores of apps we log into and identify ourselves for.
With so many apps requiring an account of some sort and the strong security recommendations to use different passwords on different services including apps, that leads to identity chaos , which basically means fatigue associated with remembering too many usernames and passwords, PINs, or key codes.
Login Walls Affect App Growth
Login walls create barriers to mobile app usage, and you lose a portion of users who may have forgotten which one of their many emails they used to login, what username they created and used for the app, and/or the password they used to login.
How much of a barrier login walls create and how many users you’d lose depends on both the genre of your app and your app. How many users you lose because of login walls depends on your app’s security requirements and strategy. The Facebook app, for instance, requires you to login to see any content. Facebook decided – years ago – to not show you any content without knowing who you are. Twitter, on the other hand, let’s users who are not logged in see Moments and Trends, i.e. content that is not tied to who you follow.
Numerous usability tests have shown that login-walls and account recovery workflows are very annoying to users.
Less Annoying Login Walls
How can you, as an app developer, make login walls and account recovery workflows less annoying? With another competing app a couple of taps away, it is important to design login and account recovery workflows with the utmost thought.
What can you do as an app developer to ease the pain and make your app more likable?
1. Question the Need for Logins
Many apps need logins, but not all of them.
Does your app have to be behind a login wall?
Apps could create a unique identifier within the app and use that to identify a user and provide a personalized experience. The Stock Markets app, for example, needs to know the list of stock symbols a user is interested in and can keep the user engaged with charts, news, and recommendations and does not need to log a user in unless they want to check out the stock trading features.
Not requiring a login may limit a user to a specific device, but you can come up with creative ways to let the user take their identifier to another device using ad-hoc connections over Bluetooth and Wi-Fi (similar to how the Firechat app can let users message in the absence of Internet), NFC tap, sending themselves a message, creating a unique subdomain, etc.
If your app can avoid the login, it does not have worry about account management and recovery workflows.
2. Track Your Login Funnel
Assuming you need a login, what can you do to understand how users react to your login funnel?
Track every aspect for your login funnel.
- How many users visit the login page and don’t continue with login, maybe because they forgot their credentials?
- How many users type an incorrect username and/or password, i.e. have forgotten their credentials?
- What percentage of users attempted username and/or password recovery?
- Was the password recovery mail/text delivered? Maybe it was delivered, but to their junk or promotions folders?
- How many users attempted to recover password after the embedded recovery link expired?
- Of the users that start password recovery, how many abandon the workflow midway?
- Of the users who abandon the workflow midway, how many come back again to the app?
- How does login abandonment correlate to when the user last used the app?
- How does two-factor authentication affect abandonment?
Of course, these seem obvious to track. Does your app track such aspects of your funnel? More importantly, do you count users who can’t login towards daily active users? The answer matters if you do not offer logged-out support in your app.
Do you count users who can’t login towards daily active users (DAU)?
Why DAU is a vanity metric is a topic for another post, and I’ll talk about that in the future.
Tracking your login funnel is important for a number of reasons. The best practices that work for a specific app may not work for your app. For example, your app may not be suited for delaying logins.
3. Delaying Login
Instead of forcing a login before the user can use the app, let users use portions of the app freely till they come across a feature that requires login.
Require user to login only when they need to access a feature that requires login.
Let’s take the Stock Markets app. The app may allow full access to public features like news, stock activity, charts, research, and ratings, but it may require an authenticated account to place trades.
A mobile commerce app may let users add items to a cart and require users to login to access stored payments information.
Even Apple is known to initially reject mobile commerce apps who do allow delayed login experiences. But your app may require upfront login for a number of reasons.
4. Force Logins Upfront
Yes, there are times where you want to force logins upfront, knowing your will lose some users. There are many reasons why you may want to do this, such as:
- You are a SaaS service and the data is owned by the user or customer.
- It costs you more to support non-paying users in a freemium model.
- You have too many users in the earlier steps of the funnel and only a few convert.
Make it easy to recover passwords if you require a login upfront.
5. Guest Access Instead of Forcing Account Recovery
Even if a user has forgotten his or her login, consider providing guest access to encourage the user to finish what they came for instead of requiring a password recovery.
Engage users even if they have forgotten their login.
Instead of forcing account recovery, a mobile commerce app may choose to offer full access to the app’s features and allow users to provide payment and shipping information only when a user buys something. This may be perfectly suited for buying one-off items. The mobile commerce app may be perfectly okay operating under this guess access manner as long as they can keep making revenue from sales.
Following a "guest purchase," the app can optionally ask for an email, phone number, or push notification permission to send tracking updates. The email for tracking update could include the account recovery link, telling users why they should perform the account recovery — for instance, easier returns management. Apps should provide a very good reason to the user to create or recover an account.
6. Social Logins
Again, typing passwords are annoying on mobile. Many users, especially in the mobile context, prefer to sign up using Twitter, Facebook, LinkedIn, WordPress or simply their phone number. On May 10, 2016, Slack also entered the social login market with Sign-in with Slack.
There are advantages and disadvantages to social logins. If the advantages outweigh the disadvantages, certainly using social logins can help reduce identity chaos.
Social Login Considerations
- Social logins provide one-click logins, except during the verification process.
- Users can revoke the access to apps from the social network.
- Your app has access to much more data about your users.
- There are lots of users on social networks. LinkedIn (over 400 million), Facebook (1.6 billion), Twitter (300 million). Compare that to the number of smartphones and email addresses. There are 2 billion smartphones as of 2016 Q1 and more than 4.5 billion email addresses.
- You are out-sourcing your app’s security to a social network, which may be okay for a variety of consumer apps but not for a banking app.
- Users seem to feel more comfortable with a social login than giving out their email address because they can revoke the access to app.
- You do not have to implement server-side passwords.
- If a user’s social media account gets hacked it could cause problems with your app.
- You are advertising for the social network on the first screen of your app.
- Every time you show a Facebook, LinkedIn, or Twitter social login, you are reminding your users of another app they could be using.
Social Login Dos
Use the most appropriate social login for your app’s audience. Are you targeting Bloggers? Developers? Entrepreneurs?
- If your app is enterprise- or business-related, consider LinkedIn.
- If your app is for consumers, consider Facebook social login.
- If your app is for entrepreneurs and developers, consider a Twitter social login.
- If your app is specific to users using on phones (i.e. no iPods, iPads, tablets) consider login by phone number.
Social Login Don’ts
Don’t offer 10 ways to login!
Think about the experience for a user who has forgotten her login credentials. In addition to remembering which one of her many emails she used to login, what username she created and used for the app, and/or the password she used to login, she is now expected to remember to which social login she used!
She is expected to remember which social-login she used. Avoid Social-sign-in chaos.
Question why you should use multiple choices of social login.
7. Passwordless Logins
Slack does an amazing job of allowing users to login in by sending themselves and email (or SMS message) with a universal link. Once an email with a link is received by the user, he or she can simply tap on the link, and have the application launch and take over.
Typing passwords is annoying on mobile. Make it easier for users to login in your app.
If you are offering password recovery, you already know how to do passwordless logins. Here is how you can implement it in your apps.
Also, see password-less logins using phone numbers (or email) below.
8. Touch ID and Fingerprint Readers
For phones that support it, Touch ID and fingerprint readers offer a positive experience and quick logins to apps. Examples include the ADT Pulse App, which can log you in to control the alarms, cameras, and lights in your home.
9. Login by Phone Number
WhatsApp logs users in with phone numbers. It verifies the user’s phone number by sending a SMS message. Twitter brings this login by phone number to apps as part of Digits.
Login by phone limits users to those who are running apps on devices that have a phone number and can get SMS messages and this is why login by phone number is not a primary method of login for most apps.
Combining Your Methods
From the user’s point of view, he enters the phone number (or email), verifies with a PIN and uses touch ID subsequently. All the heavy lifting is done by the app.
Poorly designed login and account recovery workflows can drive usage down. With in-app purchases, in-app advertising and subscriptions being the primary monetization mechanism for apps, providing experiences without barriers is key to app success.
Published at DZone with permission of Dickey Singh, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.