Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Should You Make Your Users Log In?

DZone's Guide to

Should You Make Your Users Log In?

Having users create accounts for your app or service and logging in just makes sense, right? But not always. Let's see where it works best to forgo logins.

· Security Zone
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

Most of the time on the Auth0 blog, we talk about logging in and signing up as though it's obvious that everyone will do it. However, asking users to sign up for your product isn't always an easy decision to make. Some people are worried about the friction it causes, or if it's necessary for their product. Sometimes, worries about maintaining secure logins make asking for signups seem like more trouble than not asking users to sign up at all.

As experts on signup and login, we've thought of — and encountered — use case after use case and find that asking users to log in almost always offers benefits to both the business and the user. From security to enterprise concerns to customer support, the power that login has to better your product is something you should seriously consider as you build and grow your business.

This isn't an exhaustive list of every reason why you should ask users to log in. Rather, it's an overview of why you should have users create accounts, why login is mutually beneficial, and the very few exceptions where this isn't the case.

The Basics of Logins

Whether you're using a username and password or a complex multi-factor setup, the core principles of login remain the same:

  • Login requires a signup for your product. This means that there is only a certain group of users who are allowed access your product, although login doesn't have to mean that your product is 'exclusive.' For example, anyone may be able to sign up for a gaming app, but only paying customers for an analytics software.
  • Login creates a user account. This means that users are uniquely identifiable within your product.
    • For users, this frequently means that they can see their own profile and information, change that information, and keep track of what are the identifiers on their account (profile picture, username, etc.)
    • For companies, this means that user data can be linked to an individual profile. This profile probably contains all the information the user inputs, and can also be a home for any other data that a company chooses to attach to that profile (type of device, for example).

Security and Accountability

User Accounts

Enabling a user to create an account and log in, is equipping them with security for and control over their information.

When a user can see the information they've given you in their user profile, they understand what you're using to connect with them. So when a user gets, for example, a promotional email, they know where it came from. They can simply go into their settings, change their email, check and unsubscribe from promotions.Multi-device world

Otherwise, users might be wondering what happened to the email address they used to make an in-app purchase.

If they want, they can also change privacy settings, update personal information, and delete their projects and profile, leaving no question about what is hanging around in your product.

For your users: Accounts help put users in the driver's seat for their data.

For your company: Letting users see and control their data builds trust with users, which helps foster transparency about what information is stored by a company (especially when nobody reads terms and conditions).

Enterprise concerns

Login is also incredibly important for enterprise customers, for a number of reasons.

  • Security. Enterprise customers want to have everything within their system secured, which means providing a sign up that works with enterprise login requirements.

Enterprise Connections

  • Managing roles. With potentially hundreds of employees all needing to access your product, enterprise customers want to be able to designate and manage roles. The head of marketing might need admin access to an analytics platform, but a sales person definitely doesn't.
  • Tracking employee data. When each employee has an account, it's easy to track who is making changes, who is working on what projects, and how teams are working together. Enterprise companies especially are interested in keeping track of who is doing what, so anything that comes up down the line, whether mistake or triumph, can be properly attributed.

For your users: Accounts and login helps enterprise customers trust your product and integrate it with their existing tools.

For your company: If you are considering working with enterprise customers, you will need to implement a sign on feature. Truthfully, we've only scratched the surface of what enterprise customers expect out of their login — it can be make or break for you if you don't have a login to fit their needs, no matter what your product.

Customer Experience

Login can be a powerful tool for shaping customer experiences. Beyond simply getting someone into a product, login can be a way to manage data on a user and help them get the most out of your product.

  • Giving better support. When a customer contacts support with a problem, imagine if they could get welcoming, customized support — like being greeted by name, and not having to answer a long list of questions about their product history or what devices they're using. If you don't have a user account to store data like name and device type, that's simply not possible. Keeping an internal profile of every customer through your login is a great way to personalize your support.
  • Catering to a multi-device world. When there's no login, there's no easy way for a user to use your product on multiple devices without starting fresh. Even if you're a simple game app, letting people save their progress and access from different devices can keep users habitually engaging with your product.
  • Offering a social component. Whether people want to share their favorite songs, their pictures and videos, their high score or their sales data, any sort of social or sharing component in a product can benefit from a login. By giving people an account and a profile at login, you make it easy for someone to find just the right person to connect with, whether that's for business or friendship. Without login, finding and sharing things to a select group is difficult.

If you're still worried about having the login as a barrier between potential users and your product, consider offering options like passwordless login and social login, that ask less of users than traditional or multifactor authentications.

Exceptions to the Rule

So, we've been over many reasons why using a login is a good idea. But there are always exceptions to the rule — here are the three biggest.

  • Product demos: Although some companies have you create an account to access a product demo, most require only your email or sometimes nothing at all. When you're giving people the chance to try out your product, it doesn't always make sense to have them go through the process of creating an account, especially if it's a short demo and not a free trial. If a user just wants to see what you're about, sometimes it's better to let them get some time to explore without having to sign up.
  • Checkout: Users shopping online are skittish about signing up in order to check out, especially if they're a new customer and aren't sure if they like your product yet. Removing a requirement to sign up and allowing a guest checkout can benefit your conversions at checkout. Clothing retailer ASOS halved its abandonment rate by adding a guest checkout.

Checkout experience

  • Mobile: It seems like almost every mobile app requires a login, save for weather apps and a few games. One reason for this may be that the download is the real source of friction to adopting the use of a mobile app — once you've gone through the trouble of actually getting the app from the app store, the time it takes to sign up is negligible. Still, if you're offering a simple mobile service without any social features, it might be worth skipping the extra step.

These exceptions come with a deep understanding of your product, and how users are moving through it. When login becomes a big source of friction, it can make sense to remove it. Take the “$300 million dollar change” that one major e-commerce company made.

They didn't see their request for users to login as a problem — but their users sure did. When interviewed, they expressed that having to login before checkout was a huge nuisance, and when they looked at their analytics they saw 160,000 requests for forgotten passwords a day — clearly, login was hampering their customers from checking out, not helping them.

When they dropped their login requirement, they immediately saw a huge sales boost.

So, if you are thinking about ditching your login, do some exploratory work and see what is tripping people up as they're trying to use your product. If it seems to be login, it could be worth a shot to remove it and see how things go.

Let Your Login Lead the Way

If you're trying to decide whether or not to add a login feature to your product, don't fall prey to thinking that all login is is a box for a username and password that only creates friction for your users. When you're actually thinking about what login can do for you, it's clear that there's a host of benefits for both you and your users that simply aren't possible if you don't require a login.

Of course, making these benefits a reality means implementing a more sophisticated login than that box for your username and password, and that's where Auth0 is ready to help. When you implement that sophisticated login, you're letting it lead you to better customer experiences, no matter the product.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
security ,login ,ux ,enterprise security

Published at DZone with permission of Diego Poza, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}