Coding Horror
programming and human factors
by Jeff Atwood

Jun 4, 2007

Removing The Login Barrier

Dare Obasanjo's May 26th thoughts on the Facebook platform contained a number of links to the Facebook API documentation. At the time, clicking through to any of the Facebook API links resulted in a login dialog:

[Image: Facebook login]

It struck me as incredibly odd that I had to log in just to look at API documentation. When presented with the login barrier, I did what 99% of all the people who encounter a login barrier do: I turned back. Dare seemed excited about the Facebook API, but I lost interest when confronted with this login screen.

Wouldn't you want information about your API disseminated as widely as possible, to as many people as possible? To be fair, Facebook has since rectified this problem. Clicking on the link now takes you directly to the Facebook API documentation with no login barrier. I'm not so sure the Facebook folks are "brilliant on several levels" if their API documentation was placed behind a login barrier, even if for only a few days.

I previously referenced Jan Miksovsky's enumeration of login steps as a type of user interface friction. But in reality, login barriers are far worse than friction-- they're a brick wall. Login barriers are a no-win situation for users. What's in it for them? And without sneaking behind the barrier, if only for a moment, how can the user possibly know if your site is worth the hassle of signing up? If you're the New York Times, maybe you can get away with forcing users to deal with the login barrier before getting to the meat of your website. But most of us will never have that much cheese.

Even if you can't avoid an eventual login, it is possible to make the user's login process nearly seamless. Too many sites take a ham-handed, completely traditional approach to logins. You can do much, much better than the abysmal login barrier status quo. Jan doesn't mince any words when he says Geni has the most inviting initial user experience he's ever seen:

Right off the bat, you're cleverly dropped into a family tree that's already partially started: there's a place for you, and obvious points to add your parents. No fanfare is needed to introduce the site or explain what it's for. The very nature of the task's UI makes it obvious that you're building a family tree.

You're asked for an email address, and in the most compact text imaginable, they define the key points of their privacy policy ("never spammed, never shared").

It's not advertised to the user at this point that the email address they enter for themselves will become their user ID on the site. This is revealed the first time the user tries to return to the site. At that point -- the second visit -- the user is asked to sign in with their email address and a temporary password that was emailed separately to that address.

It's obvious that Jan has been thinking a lot about this topic; he has a followup post describing how Netvibes and Pageflakes ease visitors into sites with anonymous accounts:

These sites both use cookies to establish a tentative, anonymous relationship between you and the site. You can even enter personal data to customize the various widgets, but until you've established an account, you're generally using the service anonymously. (Of course, even without a user ID, each additional piece of data you enter to customize the site can be used to more precisely identify you.)

You can use your anonymous account for as long as you want to, provided you use the same browser on the same machine to do so. Whenever you reach that point -- maybe even months after starting to use the service -- you can sign up for an account. The basis of your relationship with the site transfers from your anonymous browser cookie to a real account secured with a user ID and a password. (Both these sites use your email address as a user ID, to eliminate the signup hurdle of picking a user ID.)

The deep principle at work is that a site doesn't need to rush to secure a relationship with a visitor. Inevitable interest in getting more out of the site (in these cases, the desire to use your customized home page from another location) slowly pushes you, the casual anonymous visitor, to finally forge a permanent relationship with the site as an identified user. The site knows a relationship with you will develop in its own time.

If your application requires users to log in, don't underestimate the impact of the login barrier you're presenting to users. Consider utilizing anonymous, cookie-based accounts to give users a complete experience that more closely resembles the experience that named users get. By removing the login barrier and blurring the line between anonymous users and named users, you're likely to gain a lot more of the latter.
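
One way to implement the anonymous-to-named transition described above, as an added example that is not code from the original post or from any of the sites it mentions. The `AccountStore` class, the `sid` cookie name and the PBKDF2 work factor are assumptions; the example goes slightly beyond the text by rotating the cookie at sign-up, so a token issued before authentication never carries the authenticated session.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 600_000  # assumed work factor; tune for your hardware


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def cookie_header(token):
    # "sid" is a hypothetical cookie name. HttpOnly/Secure/SameSite keep the
    # token away from scripts, plaintext HTTP and cross-site requests.
    return (f"Set-Cookie: sid={token}; Path=/; Max-Age=31536000; "
            "HttpOnly; Secure; SameSite=Lax")


class AccountStore:
    """In-memory stand-in for a database (hypothetical, for illustration)."""

    def __init__(self):
        self.profiles = {}  # profile id -> {"email", "salt", "pw", "prefs"}
        self.sessions = {}  # sha256(cookie token) -> profile id

    @staticmethod
    def _key(token):
        # Only a hash of the cookie value is stored, so a leaked session
        # table cannot be replayed as cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def _issue_cookie(self, profile_id):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.sessions[self._key(token)] = profile_id
        return token

    def _profile_id(self, cookie):
        return self.sessions.get(self._key(cookie)) if cookie else None

    def visit(self, cookie=None):
        """Return (cookie, profile). A missing or unknown cookie gets a
        fresh anonymous profile instead of a login page."""
        pid = self._profile_id(cookie)
        if pid is None:
            pid = secrets.token_hex(8)
            self.profiles[pid] = {"email": None, "salt": None,
                                  "pw": None, "prefs": {}}
            cookie = self._issue_cookie(pid)
        return cookie, self.profiles[pid]

    def sign_up(self, cookie, email, password):
        """Promote the anonymous profile behind `cookie` to a named account.
        The customizations stay; the cookie is replaced."""
        pid = self._profile_id(cookie)
        if pid is None:
            raise KeyError("unknown cookie")
        profile = self.profiles[pid]
        if profile["email"] is not None:
            raise ValueError("profile is already registered")
        email = email.strip().lower()  # the email address is the user ID
        if any(p["email"] == email for p in self.profiles.values()):
            raise ValueError("email already in use")
        salt = secrets.token_bytes(16)
        profile.update(email=email, salt=salt,
                       pw=_hash_password(password, salt))
        # Rotate: the pre-registration token stops working, so a cookie
        # copied or planted earlier does not become a logged-in session.
        del self.sessions[self._key(cookie)]
        return self._issue_cookie(pid)

    def log_in(self, email, password):
        """Return a new cookie for a named account (e.g. from another
        browser), or None if the credentials do not match."""
        email = email.strip().lower()
        for pid, p in self.profiles.items():
            if p["email"] == email and hmac.compare_digest(
                    p["pw"], _hash_password(password, p["salt"])):
                return self._issue_cookie(pid)
        return None


if __name__ == "__main__":
    store = AccountStore()
    cookie, profile = store.visit()           # first visit, no login
    profile["prefs"]["layout"] = "3-column"   # anonymous customization
    cookie = store.sign_up(cookie, "user@example.com", "constructed-password")
    print(cookie_header(cookie))
    print(store.visit(cookie)[1]["prefs"])
```

A production version would also expire abandoned anonymous profiles and rate-limit `log_in`.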

Comments

I happen to be making a website. We just so happen to have a current login barrier once you try to get into the meat of the website. I think that will have to change after reading this post. I'll submit it to my boss.

Dygear on June 3, 2007 12:02 PM

I guess it all stems from the fact that users don’t have the time. They don’t have the time to watch your brilliant flash intro, read through amazing introduction, navigate through overly secure registration process and wait while your extravagant images load to their browsers. Most users are there by accident and have the attention span of a two year old.
So smart sites went from: “register to see”, “register for free” to “use existing demo account”. Nobody has the time to explore your site – you either put up or get closed (RC + D,L on my mouse gesture plugin :)).

Goran on June 3, 2007 12:25 PM

I agree with you that registration barriers turn people away.

Recently, instead of forcing users to create an account specifically for my sites, I let them use their Facebook account through the Facebook API. It saves them time since they don't have to enter in any info and you can also use their info such as a profile picture, to make your site more friendly. Then I also don't have to worry about security problems as well. And when the target audience is college students, most will already have a Facebook account.

Steve on June 3, 2007 12:51 PM

When logins are in your face, there's always bugmenot.com !

ropata on June 3, 2007 12:52 PM

Well, it would be wrong for Facebook to let you see a private note or message without confirming your login identity.

It is however silly to put a barrier on public "facebook-wide" documentation like the API docs or help pages.

I wonder if someday they will add a "public zone" so you can post notes that are accessible by URL without logging in. That would lead to some sort of dichotomy where your facebook account has a blog-like public facet a la myspace (but prettier).

jiblet on June 4, 2007 2:28 AM

The "New York Times" does not get away with the login barrier either. News is news and should be easily accessed or I will go to another site (which I do).

djchester on June 4, 2007 2:31 AM

There even are sites which will hold your "personal" (still anonymous) data without having any account feature :
http://plan9.tryphon.org/
Favorites are hold on the server and the key to this is your session ID stored in your cookie...

Interesting site about distributed user identification (I have not read it already) :
http://openid.net/

ook on June 4, 2007 2:50 AM

You mean a little like a blog that requires you to install beta software just to read a blog entry because someone foolishly forced a redirect to the install site if it isn't already installed?

Xepol on June 4, 2007 3:00 AM

I know of a few INTRANET sites that require users to log on!

Adrian on June 4, 2007 3:08 AM

very nicely done. and it's cross platform :)

opensoresfreak on June 4, 2007 3:28 AM

I'd love to see search engines delist any sites that require logins to see non-paid content.

What are they after except the hope of catching email addresses to sell to spammers?

Bob on June 4, 2007 3:33 AM

I think reddit would be a good example of a site that's gone to efforts to eliminate the login barrier. First time you try to do something that requires a login, it pops up a box asking for a username and password. And that's it, after that you have an account, and you're logged in.

Ray on June 4, 2007 4:02 AM

I responded to this on my blog
http://www.ryandoom.com/Home/tabid/299/EntryID/151/Default.aspx
http://www.ryandoom.com

Although I am extremely turned off by many sites that require logins to see what appears to be ‘trivial’ information I would not use API documentation as a way to degrade them on how ‘brilliant’ they are. How about this concept? Why would I want some random guy looking at my API documentation when he has never used my service? In fact I wouldn’t even want you integrating with my application because you don’t even understand its uses and my audience.

I hate logins as much as the next guy when I want to ‘try’ a service, but looking at API documentation is not intent to ‘try’ a service. If you plan on integrating with a system why don’t you learn something about the platform first, and since Facebook is a rather robust social networking platform it would make sense ...

Continue Reading
http://www.ryandoom.com/Home/tabid/299/EntryID/151/Default.aspx

Ryan D on June 4, 2007 5:04 AM

A while ago I was looking to buy a health supplement from a website that I cannot recall the name of.

In order to see the price of the item I was interested in the website required you to register ... I kid you not.

I was utterly amazed at this and emailed the webmaster of the site - basically saying that I thought this was ridiculous... their reply was that several thousand customers a week would disagree with me .... but then I wonder how much business they were losing to this particular form of login-barrier.

Pete on June 4, 2007 5:11 AM

Whenever I see a login page to download a file, I search the file name on Google so I can get it from somewhere else. I got so used to it that I barely noticed how bad login requests really are.

Ricardo on June 4, 2007 5:19 AM

Rafajafar, nice, I came back here just to mention the openid.net project.

FireCracker37 on June 4, 2007 6:04 AM

Indeed, the Facebook executed the technical side of the platform launch very well, but the support side has a lot of *facepalm* moments.

If it's any consolation the documentation you get once you're in doesn't really clarify "Just what is the Facebook platform and FBML?" I was in on the beta and it took me like two weeks just to figure that out. Haha.

I wrote up what I know so far: http://20bits.com/2007/06/04/an-introduction-to-fbml/

Hopefully that helps someone.

Jesse on June 4, 2007 6:22 AM

@Ryan D
I totally agree with you. Facebook has been successful, I feel, because of the requirement to create a profile to interact with any aspect of the site. Once you've got a profile, your friends find you and it's all over, you're officially hooked on Facebook.

kmac on June 4, 2007 6:38 AM

A perfect example is http://www.fatdoor.com/ that was in the tech press this past week. They ask a lot of info up front and don't tell you how it will be used or displayed.

Brian on June 4, 2007 6:42 AM

Amen. I can't even count how many websites I've gone, "hey, that looks neat!" *click* "oh." *close*.

dnm on June 4, 2007 6:45 AM

Dang, and I was just going to send you an invite to Facebook...

Adam Kinney on June 4, 2007 6:48 AM

I'm pretty sure ASP.NET's Membership Profile feature set supports this functionality of starting with an "Anonymous Profile" and later associating with a new user. I'd have to dig, since I haven't had a need for it lately, but I remember seeing it when poking around in the docs.

daniel on June 4, 2007 6:53 AM

I already noticed this problem, so when I redesigned my website, I made sure that not only would people not be intimidated by the login block, I also made sure that my website was more inviting for people to converse.

http://www.dranger.com/weblog/entry/inaugural.html

Basically, I completely removed the verification step. How do I prevent spam? Simple: the login is all Javascript. Then, to make sure people have a conversation instead of talking to a black hole, I have a comment hierarchy and it will email the user if anyone replies to them.

Stephen on June 4, 2007 7:14 AM

I don't know if it is still the case, but a few years back, I was terribly frustrated by the fact that Oracle made me create a user profile just to search the online docs.

Jeremy on June 4, 2007 7:15 AM

I think that so many sites are just doing what has been popular for years in the online world. I know that one of the main reasons that I started learning PHP way back when was to create a membership system. There are a fair amount of developers out there who have the user login for no better reason than the fact that they wrote one up and wanted to implement it.

Personally, the main reason that I ever used login systems was to try and thwart robots from posting stuff on my sites, now that CAPTCHA is easy to implement, and something that many sites use, I think that we should abandon the standard user login and just use the CAPTCHA, unless of course you have information that MUST be stored and linked to a specific person.

FireCracker37 on June 4, 2007 8:23 AM

A much more serious issue that no one has mentioned is the wretched vile rise of PHP-Javascript-MySQL-driven websites. If the login process occurred quickly, I probably wouldn't find. Automated with cookies, once upon a time, logins took only a few seconds. Specific example: ebay circa 1998. Login was fast, pages appeared quickly, no problem.

Fast forward to 2007. Now the PHP-overburdened pages take up to 45 seconds or a minute of thrashing and flailing and churning, churning, churning on the overloaded servers in order to process the login php script. Then you wait some more while the server thrashes and flails some more, painting all that unnecessary eye-candy gradient-background shaded-button crap on the screen. Then you hit more login barriers on the new ebay. Almost every time you want to do something, you must login again...and again...and again... And each time, it's another minute to 45 seconds for the overloaded server to thrash and flail through its php scripts, access the mySQL database with your cookie info in it, compare it, and log you in.

Gmail has gotten especially bad courtesy of this PHP-mySQL-Javascript crap. Sometimes gmail gives me an error message after a couple of minutes "It's taking longer than usual to load your mail -- would you prefer to use an HTML-only version of your gmail page?"

This is a stark staring admission that PHP-Javascript-mySQL is a disaster. The servers are being massively overloaded and the login scripts that once ran quickly on all-HTML pages using simple cgi now bog down for minutes at a time on pages massively overloaded with all kinds of useless worthless eye-candy php scripts.

Of course the rejoinder is: "These big orgs should get bigger better servers." But that's stupid. Servers _always_ wind up being overloaded. Servers _always_ bog down under too many processes, too many database accesses, too many javascript function calls running at once, too many php scripts trying to execute. Since we live in the real world where servers are always overloaded, the smart move is to stick to plain HTML pages and simple login scripts. If you must use php to log someone in, for god's sake dump all the php crap that generates all that worthless useless eye candy on the web page. To hell with gradient backgrounds, to hell with shaded buttons, to hell with elaborate news-of-the-day or what's-new or latest-info or catalog-update php scripts. Simple HTML links! Simple URLs! Simple, simple, simple, people. KEEP IT SIMPLE, STUPID.

Want to see a web page by people who do this? Who log you on FAST? Who NEVER use php to crap up the page with graphics junk and bog everything down?

Google home page. No gradients. No fancy buttons. No "latest news item" column updated by some f***ing slow-ass php script. And guess what? The google home page runs FAST.

Compare that with the php-javascript-mySQL-encrusted hotmail homepage. I sometimes bail from the hotmail homepage because it times out before even logging me on. With other php-encrusted crapsites like Slashdot, I typically log on with a non-javascript browser Off By One with images turned OFF.

I have timed the delay for php to paint all that shaded-button and gradient-background garbage on my screen for the Slashdot site, and I have compared it with the plain simple pageview of straight bare HTML and text-only in the Off By One browser. Running Mozilla Firefox 2.0.1, it takes more than a minute to paint all that shite on the screen and just give me the text of the slashdot site. 90% of that time is wasted serving graphics and flash and other junk from worthless infuriating ads, which must be splattered across the screen before the text content of the site even shows up.

It takes 18 seconds to paint the text-only HTML of slashdot on my screen in the Off By One browser with graphics turned off.

Something is horribly wrong, people. PHP is shite. Javascript is bogging everything down. Your mySQL accesses are grinding everything to a halt. And all for nothing. Nothing! Most javascript is used for worthless eye-candy junk like rollovers. Most php is used for pointless garbage like painting gradient backgrounds on the screen.

KEEP IT SIMPLE, STUPID!

Avoid logins if at all possible, and for the love of god, Montresor! GET RID OF 90% OF THAT USELESS WORTHLESS EYE-CANDY PHP AND JAVASCRIPT CRAP!

(Incidentally, in case you think it's my computer, bzzt. Wrong! 2.4 Ghz P4 with 512 megs running Windows 200 Pro SP4. It's not my OS or my machine, it's YOUR CRAP CODE, WEB PROGRAMMERS. KISS! KISS! KISS!)

mclaren on June 4, 2007 8:56 AM

Once upon a time there were no barriers, and the hackers owned everything. You can have an interface that is easy to use, or secure. Pick one.

While I am not defending the practice of forcing a login to view developer API's at least it helps the vendor learn a little about who their potential attackers are.

Email addresses have one thing going for them... They're guaranteed to be unique. I do agree that the site should inform you they are using it for your Login ID though. Still, it’s a good practice to keep a garbage email around to use just for registering with sites. Microsoft will kindly give you a free one and you can use it to help reduce your main email’s spam.

And while you may end up getting more hits by not requiring logins to access demo’s and whatnot, you are definitely getting lower quality hits. I have registered on sites for applications where the developer has taken the time to follow up and on at least two occasions the resulting communications have convinced me to buy their product.

David E. on June 4, 2007 9:01 AM

In one site I helped develop, I threw out the idea that we only require an email address (with all appropriate "we won't email you, ever, or sell this to someone else" disclosures).

Using just that way of identifying yourself, you get a large portion of functionality. But if you wanted the power to do more (some financial stuff) you had to go through the full rigmarole to setup. At that point the user was pretty comfortable with us and didn't mind. Plus, when dealing with anything money related, a user normally WANTS to lock it down as much as possible.

If your site really doesn't contain confidential info, then why make users give you some of their "secret" information?

Matt on June 4, 2007 9:04 AM

Just make an account with a free email address, login, get your stuff and never return

when you receive too much spam, get another one

a lot of people do this, forcing registering gives a lot of 'ghost' accounts.

Fixx on June 4, 2007 9:06 AM

mclaren: Though you seem like a troll, I'll bite... if it's taking you a minute to load slashdot there's something wrong on your end. It always loads in just a couple of seconds no matter where I use it from (which, I must admit, is many places and often...)

Kamil Kisiel on June 4, 2007 9:07 AM

I too find login screens frustrating. I'm tired of having to create a login and go through the bother of registering, and having yet another login to remember, just to poke around on a site, or read an article. Quite often unless I really need the info, it's click...oh, well never mind then, and off to another site.

I forget what site it is, but whenever I'm searching for help on technical issues there is one site that often comes up at the top of search results. Something with Tech in the name, and it requires you to login before you can see the tip or discussion post you are looking for. Argh. So usually I don't even click on their links in search results anymore. For me it's not the giving them my email that bothers me, I have a junk account for that... it's the time it takes.

Marz on June 4, 2007 9:40 AM

Well, I once was involved in a website where everything was private, so the standard method to starting a page was to automatically check for authentication. The only two pages where this didn't happen was the login page and the registration page. It's possible that they used the same system considering the guy I worked with on said project also got a job with Facebook later on, so he might have continued that practise there...

Matt on June 4, 2007 9:55 AM

http://.openid.net = the end of login barriers. Learn it, live it, love it.

Companies are really digging it too. Could be used for websites, IM services, even gaming.

Rafajafar on June 4, 2007 10:18 AM

These sites both use cookies to establish a tentative, anonymous relationship between you and the site.

These sites are only applying an old paradigm to a new brand of site.

On-line stores thrive on anonymous use. Stores like Amazon, for many years, have allowed users to stock a shopping cart without logging in. The shopping cart is tied to the browser, so if you go back two days later, all the items selected remain in the cart, all without logging in.

The interesting thing is how poorly things were being designed in the first place. Why would a site like Netvibes need much information from me? Geni is static enough where they could almost store a passkey like the old Metroid passwords on my computer and not keep a single thing on their own servers. Online stores need things like addresses and credit card numbers to operate properly, but for years they've been set up to not require the user to provide that information until late in the process.

The idea that online stores figured this out before most of the rest of the Internet is strange.

Michael Brooks on June 4, 2007 10:35 AM

The biggest reason I haven't signed up to facebook is that you can't actually look at the site until you've signed up. Rubbish.

Ben on June 4, 2007 10:59 AM

The website (http://developer.facebook.com/) does not require any login anymore.

And to the parent above, Ben: One of the reasons why Facebook is so popular is its fine-grained control of PRIVATE social networks.

Nobody can see what you don't want them to see.

Mike on June 4, 2007 11:31 AM

Comcast, OTOH, keeps redirecting to itself forever if you have cookies blocked. It's so hostile it's Comcastic.

Too often there's a disconnect between the site visitor (who's looking for an anonymous one-night stand) and the site owner (who wants the guy to come up with an engagement ring first). There's the crude saying "I wouldn't ___ her with someone else's ____"... but if you would, that's basically what BugMeNot is.

Joe on June 4, 2007 11:31 AM

"I'm not so sure the Facebook folks are "brilliant on several levels" if their API documentation was placed behind a login barrier, even if for only a few days."

Heaven forbid they have a small error that they corrected quickly. HEAVEN FORBID.

dalas on June 4, 2007 12:18 PM

On a related subject you know what else I find bafflingly stupid? Required fields in optional questionnaires. They're all over the place. Pretty much every questionnaire I have ever filled in (And I'm a generous fella' and will fill in quite a few) has them.

I can understand the desire to gather as much information and connect it all together, but as soon as I see an optional questionnaire REQUIRING my postcode or sometimes even email (depending on how much I trust the source) I'm gone.

Surely they can make use of the information I am willing to give? Their loss I suppose.

[ICR] on June 4, 2007 12:33 PM

Another great example of this is when an online site forces you to sign up just so you can see what the shipping costs would be, or even worse the price. Oh, I'll "sign up" alright... hello Mr. Fljadfljsdfljad of 1234 Main St. Anytown, USA 20001 nice to see you.

Kai Tain on June 4, 2007 12:43 PM

I think that facebook/myspace/etc. are sticky enough that they are used to the login requirement driving membership, not turning people away.

nordsieck on June 4, 2007 1:02 PM

@nordsieck
Probably. I suspect that Facebook's devs may not have a lot of experience producing things for developer consumption. For their sake, I hope they quickly figure out the developer mindset.

By the way, this obnoxious requirement of obtaining an API key is 1 of my biggest pet peeves when I try to make mashups.

Zian on June 4, 2007 1:10 PM

I agree with you 99%, however some sites by their very nature must require a login barrier (or at least I seem to think so).

Take my newest site for example: www.radiocurrents.com

This site provides music and other downloads for radio stations provided by record labels. The level of security that we have been asked to have by the record labels prevents us from allowing any content to be really shown without not only forcing them to register but to verify that they are who they say they are.

I think it's a very special case, but wanted to point out that the case does seem to exist, though as you said, the barrier is usually there more times than it is truly needed.

Matt on June 4, 2007 1:20 PM

I find having to log in is not the only barrier, though it is a major one. To pimp my blog a little, I wrote a post on how annoying it is both as a user and a developer to have to create a social network for every site (http://icr.vox.com/library/post/a-global-social-network.html).

I like the sound of Netvibes and Pageflakes, it obviously makes things a lot easier. Though I would probably find myself a little irked when I, having used it and not signed up, went to another machine and wanted my customized content.

I'm liking the current trend to use email as the person's ID. Primarily because it means people are more lax about what characters they allow in display names, so I can have my square brackets :P

[ICR] on June 4, 2007 1:31 PM

Jeff made a great point. What's the benefit to the user? If you are making them login, just so you can track how many people are accessing your stuff, then you just created a barrier. If that login gives them access to lookup stuff that's related to just them, that's a reason to have a login.

But let's not forget an ancillary benefit for having a login is protection against identity theft. For example, if Jeff's responses to posts weren't orange, anyone could post a response with the name "Jeff Atwood".

Even in that case, just because you want to offer the ability for people to create accounts, you shouldn't restrict your site functionality to just people who have accounts. ImageShack.us does a great job of that, you can upload a picture to be hosted with or without an account. But if you have an account, you can go back and manage and control the pictures you have uploaded.

Hey, who moved my cheese!?!?!

Tim on June 4, 2007 1:34 PM

Kind of reminds me of http://www.youtube.com/watch?v=iNiO6dCH42Y

MyKey_ on June 4, 2007 1:56 PM

A login barrier is a tactical element in a site; Facebook uses theirs to create a sense of privacy and exclusivity.

Their growth rate shows that this is working just fine.

Phil on June 5, 2007 2:20 AM

Logins are not and never will be an issue, my point of view- Shoot all the smart arse half baked web developers who think that 5000 lines of script is what it takes to display a button in a web page. It's not rocket science, too many people write their little blogs have a whinge, the reality is that over fifteen years the line speeds have gotten quicker and quicker and loading of web pages has gotten slower and slower. Want to complain about typing half a dozen text characters in a box ? wow you really are at the bleeding edge.

David on June 5, 2007 6:32 AM

I think that the login barriers are a valid hurdle to leap. Every person that complains that they have to log in every time is also the person that has regular cookies turned off, scripting turned off, and wants their cart to still be there three days later.

Seriously, with AutoFill for registration pages and login remembering, the browser reduces most of my registration pages to a 1 click event and the login pages to a Submit click. The browser is doing the heavy lifting, no permanent cookieing needed.

Chubber on June 5, 2007 7:54 AM

I completely agree on this. I believe this is not only for the documentation, the users should be able to even try/use your application without a login. This is what we have done on JotForm. I posted what I think about this subject here:
http://atank.interlogy.com/blog/?p=12

Aytekin on June 5, 2007 8:03 AM

This is exactly why we need openid (http://en.wikipedia.org/wiki/Openid). I wish I could login everywhere by typing my gmail address, and then letting google handle the authentication. Fortunately, that seems to be the direction we're heading in.

Wim on June 5, 2007 8:03 AM

Jon Raynor makes a good point on the Facebook API... The CRM vendor we use restricts people who can access the API documentation to paid partners and customers. If you are paying your software maintenance fee then you're not going to be able to access the documentation. But still, if I don't know what I am missing, am I really missing anything?

Tim on June 5, 2007 8:23 AM

Chubber: The Login Barrier is not about a website requiring you to log in at all. It is obvious that preference persistence over a longer period of time or across different browsers or machines will require a login. The point here is that many sites require you to login (and, before that, register) before you can use the site at all. That is, you must sign up before you know if you want to sign up.

OpenID looks neat. I would love to see it implemented on a large scale.

Sean on June 5, 2007 8:27 AM

Isn't OpenID just a sprawling Carnivore-like creature in the hands of who-knows-whom?

Anonimity on June 5, 2007 9:23 AM

Funny, I did the same thing as you.

"Login!?! Spffff, whatev's, later."

And I left the page. Haven't gone back since. Capturing an audience is like ecommerce. You have to make it easy to get in, easy to buy in, easy in general.

Donn Felker on June 5, 2007 10:21 AM

Check out www.doodle.ch - proof that a login isn't necessarily required, even in circumstances where you might expect one.

Benjol on June 6, 2007 4:37 AM

Sun does something similar to a lot of the content on their sites. To get patches, documentation, applications, and their troubleshooting information you have to sign up.

However, since they no longer charge for their software they want all their users (who tend to be enterprises) to have a support contract with them. Some of those can be affordable for a user (~$300 per annum) when I was considering signing up.

It's a change that I don't completely agree with but I understand why they have done it. Though it's annoying that I have 3 different sun ids that are tied to my previous employer's email addresses and I have forgotten the passwords.

Generally I think that for technical info it's okay to have a signup process as long as it is very short and easy. Just ask for an email address and password. If the person wants maybe more access such as access to the source then maybe the name, address, and other info. However this only applies to non OSS projects.

tenacitus on June 6, 2007 8:40 AM

What really gets annoying is trying to remember your login name and password for multiple sites!

I try to use the same name/password combination for all of the sites I feel the need to login to but sometimes it just is not possible.

So, what's a developer to do? Well, the STUPID thing like everyone else that is not autistic and can't remember dozens of login names and passwords. I write them down somewhere (Oh network gods of security shudder!) I simply have no other choice; I have to do this to be able to access the site later.

So, remember, if your site does not absolutely positively gotta hava hava gotta login then DON'T DO IT. Or I might just blow your site off for ALL of the above reasons.

rabid wolverine on June 7, 2007 5:46 AM

Stores like Amazon, for many years, have allowed users to stock a shopping cart without logging in.

This may be nice in some cases, but the total inability to obviously log in to Amazon drives me crazy. If I want to add an item to my cart for later purchase on any normal site, I log in, click "Add to cart", and log out again. On Amazon I have to carry out a poke-and-hope navigation exercise to get me to something that'll actually allow me to log in, in order to make my choice persistent. Logging out again doesn't seem to be possible at all short of shutting down the browser and restarting it. This is taking the principle of "don't force people to log in" a bit too far.

green flash on June 18, 2007 1:44 PM

I think the friendliest signup system I've seen is that used by KGS (http://www.gokgs.com/). You give them a login name, then click guest to login without registering. If you decide you wish to register (which enables the site to track your statistics, maintain a log of game records, and other such user-specific features), you can. However, registration takes place AFTER you are already on their site; you register the name you just used to login as guest.

Bri on July 9, 2008 9:02 AM

Pretty similar to choosing game difficulty before even playing the game ;) in that you don't know what you are going into, or whether this registration is worth it.

mila on July 12, 2008 2:44 AM

MySQL is one of the worst sites as they want you to register to download and make it unnecessarily difficult to find the free version.

Tony on July 12, 2008 6:20 AM

In any economy, the capitalist maximizes profits. How are these restrictions any different? Hits and views are the modern day currency, registered users are like diamonds. If a website has a banner, most likely they're trying to make money. Login data is gold to potential advertisers. Not logging in to see an API is an indication that you're not serious. So many tools to save passwords, browsers, cookies, if you weren't even a registered user in the first place that barrier was a brilliant idea. When a website is first launched, I think it's important to move these restrictions, but as it becomes established, they can't be bothered with the dissidents who only now want to see their stuff. The choice is yours. Coincidentally, comments are a great trap. That burning desire to be overly opinionated often leads me to register for some blog that I'll never remember my username or password to. This is one of the websites I'd have registered to comment on, it's great that I don't have to, though... am I logged in??

Ezrad on July 20, 2008 9:03 AM

Facebook is back to prompting you for login when you click the doc link in the article. Apparently there's a force acting in opposition.

Chris on July 25, 2008 8:09 AM

Microsoft's live.com offering has been doing this since at least the beta stage when you start personalizing your page. It issues a cookie and remembers you until you register/sign in via Passport. After that, the connection between cookie and account auto signs you in. And to be fair and balanced in the reporting, the new iGoogle also seems to have this as well.

I am sure that some smarty pants out there will point out that some other obscure site has been doing this even longer.

Mike Johnson on February 6, 2010 10:07 PM

MClaren, while I'm not a fan of PHP, your ignorance shows through in your post when you mix up server versus client side scripting (Javascript) and PHP and browser rendering (that's almost always handled using CSS on the client side, and using external CSS files means that the script has to return very little if not the same amount of information to the client).

You also assume that Hotmail uses PHP, when with it being a Microsoft product, is more likely to be using .NET.

Now I understand how a PHP/MySQL site can be slow, but you're preaching to the choir here. It's an interpreted scripting language, if you want speed, work in .NET or JSP.

I will say that reading your ignorance-laden rant brightened my morning though. I hope you're not a professional web developer.

Jon H on February 6, 2010 10:07 PM

Depends on the site. Sometimes you want the brick wall (Banking, Financial). Sometimes people pay for the privilege, for example New York Times.

For the API documentation, maybe you have to be a Facebook partner to view the documentation (just guessing here).

If there is a login, there should be a good reason (business or otherwise) why it is in place.

Anyway, if you're making a public site, some content/actions should be viewable without logging in to allow casual users to experience the website. If they want more, have them create an account. All they need is an ID and password so they can login at a later date.

You could just use their email as their ID, but if you're storing the email in a cookie, then all you would have to do is replace the email address with the person's email to impersonate them, so maybe challenge response is better.

Jon Raynor on February 6, 2010 10:07 PM
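
The cookie risk raised in the comment above, as an added example that is not part of the original thread: a cookie holding only the email is trusted as-is, while a cookie carrying a server-computed HMAC tag is rejected when the email is swapped. All function names and the sample addresses are constructed for illustration, and HMAC signing is one common mitigation, not the one the commenter proposes.

```python
import hashlib
import hmac
import secrets

# Constructed per-process key for the example; a real site would load a
# long-lived secret from its configuration or secret store.
SERVER_KEY = secrets.token_bytes(32)


def naive_identify(cookie):
    """Weak form: the cookie value *is* the identity, so any client-supplied
    email is accepted."""
    return cookie


def _tag(email, key):
    # HMAC-SHA256 over the identifier; only holders of the key can compute it.
    return hmac.new(key, email.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_cookie(email, key=SERVER_KEY):
    """Hardened form: identifier plus a tag bound to that exact identifier."""
    return f"{email}|{_tag(email, key)}"


def identify(cookie, key=SERVER_KEY):
    """Return the email if the tag verifies, otherwise None."""
    email, sep, tag = cookie.rpartition("|")
    if not sep or not email:
        return None  # no tag present at all
    expected = _tag(email, key)
    # Constant-time comparison on bytes, so a malformed tag cannot raise
    # and timing does not leak how many characters matched.
    if not hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8")):
        return None
    return email


if __name__ == "__main__":
    cookie = issue_cookie("alice@example.com")        # constructed address
    stolen_tag = cookie.rpartition("|")[2]
    forged = "bob@example.com|" + stolen_tag          # email swapped, tag reused
    print("naive accepts swap :", naive_identify("bob@example.com"))
    print("signed, untouched  :", identify(cookie))
    print("signed, email swap :", identify(forged))
```

The tag only proves the server issued the value; expiry and revocation still need a timestamp in the signed data or a server-side session record.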

Yes, this does make sense!

Johnson on February 6, 2010 10:07 PM

I came across this same thing a few weeks back when we accidentally put Twiddla live. In the morning, we required a simple username+password+email(optional) to try the thing out, and were getting plenty of people trying it out. In the afternoon, I pushed a new build that didn't require an account to demo the app. There was an immediate 4X spike in traffic into the application itself.

Certainly sold me. Graphs and a writeup of that experience can be found here:

http://twiddla.blogspot.com/2007/04/1000-signups-on-day-one.html

Jason Kester on February 6, 2010 10:07 PM

The comments to this entry are closed.

Content (c) 2012 . Logo image used with permission of the author. (c) 1993 Steven C. McConnell. All Rights Reserved.