Cutting edge research on user registration best practices?
November 4, 2016 1:06 PM   Subscribe

There are so many product design options for user registration and signin these days: email/password, Facebook login, Google auth, SMS PIN numbers... so what are the current best practices, and where's the data to support them?

Researching this stuff is difficult. There are some studies that were published a few years ago, but in the meantime the world has moved on, mobile has become more prominent, and users have got more (or less) comfortable with these forms of signin.

Is there any good, public research out there that's particularly relevant to 2015/2016? Some of the questions I'm interested in include:
  • How comfortable are users with Facebook authentication these days? It's actually been several years since Facebook-authed apps could spam your timeline with updates, but do the majority of people understand that or are they still burned by past poor experiences?
  • What do authentication trends look like in new markets - developing countries, mobile-only internet users etc?
  • Are there major international differences in authentication preferences? e.g. are there countries where people are more or less comfortable with certain types of authentication?
  • How acceptable is SMS-only, phone-number-required signin? Messaging apps like WhatsApp and Snapchat require a verified phone number to create an account - but is this pattern being adopted outside the realms of daily-use messaging apps?
  • Are users deterred by being asked to pick a password? Password-less registration (especially for mobile apps) seems to be growing more popular.
posted by simonw to Computers & Internet (1 answer total) 12 users marked this as a favorite
 
Well, I don't have any stats or research, so I'm happy to be discounted as someone that doesn't really know what they are talking about...but I did recently get on the Password-less auth train.

My thinking behind this was that since I personally hate coming up with passwords, it seemed silly to insist others had to.

I decided against various social media powered auth options (FB, Twitter etc) because I know enough people that don't have a FB account for it to mean I'd conceivably need a fallback local password anyway.

So passwordless made sense, since everybody has an email address.

The major downside is that it is slower to log in. I've noticed maybe a 20-30 second wait for token delivery, which in internet terms is pretty tragic. You can effectively avoid that being a major issue if you keep the user logged in between sessions, but for users that jump around machines / devices a lot, it'll be a pain.

It's also still a weird enough concept to many people that they simply don't trust not having a password - so a little user education may be necessary.
posted by man down under at 11:04 PM on November 4, 2016


« Older Long-Distance Psychiatry/Therapy   |   What this place needs is some jawas Newer »
This thread is closed to new comments.