We are building an app and I'd like to have a faster sign-up process for users. Right now users can only get access after they get an invite by mail. After they get the mail, they can click on a link and they will be led to the sign-up form. This asks for name, title and password. Next to the sign-up form is a short text saying what our app is about. After they have signed up, they are led to the dashboard and get a 5-step guide, which explains the most important functions, and they are asked to do their first action.
Now I'm thinking about how to get rid of the sign-up in all these steps. The invite is necessary, so after the invite they get a mail. The mail can contain:
1) a default password
2) a user-specific login link
3) a link to the app
1) If they get a default password, they could log in directly and start the walkthrough. Later they could update their profile on their profile page.
2) With the login link, they wouldn't need a password and would always be logged in automatically when they use the link. Passwords wouldn't be needed.
3) They could get direct access to the app and do the walkthrough, and after they have done their first action, they will be asked to set a password.
Now my question: Which way do you think is best? Solution 1) is quite standard: they could log in directly, but they would have to remember the default password or change it afterwards. I'm still not quite sure if solution 2) is safe enough, and they would also have to save the link somewhere, so I'm tending to say that it's not quite useful, but it still came up as an idea. Solution 3) would have the benefit that they could use the app directly before finally signing up.
Answer
The short answer is to use option 3. If you would like the reasoning, read on.
Option 1
If you give me a password to use, I will have to either write it down somewhere or memorise it. The former is poor security, and the latter is just tedious. If anyone doesn't want one of these two options, they will have to create a new password, which is even more steps than what you currently have.
Option 2
A direct login link is fast the first time you use it, but annoying with poor security every other time as you have to find the link first. This means either: bookmarking it (terrible security); writing it down (poor security); or finding the email every time I want to log in (poor security and UX).
Additionally, the authentication information would be stored insecurely on your server. You wouldn't be able to store a salted hash of an email and password, which is in itself poor security.
You may also create a legal issue for yourself in that you will never be able to show that any particular user has signed into the account. All you will be able to show is that a person had a link - which is not legally authentication.
Option 3
This is the best of the three options, as it is both secure and good UX. Give an initial link to a walkthrough or demo account that the person can play with and start using, but make it clear to them that if they want to keep any data that they have entered, they will have to create an account.
Unless you have a valid need (not a want) for a title, I would drop that from the process and only ask them to choose an email address and password. The email address should be pre-filled with the one that the invite was sent to, but they should be allowed to change it to a different address if they prefer.
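The Option 3 flow described in the answer, sketched as an added example that is not part of the original post: the mailed link only opens the walkthrough and pre-fills the email, and the account exists only once a password is chosen and stored as a salted hash. All function names, the in-memory dicts standing in for a database, the 7-day link lifetime and the PBKDF2 iteration count are assumptions.

```python
import hashlib, hmac, os, secrets, time

INVITE_TTL = 7 * 24 * 3600   # assumed lifetime of an invite link, in seconds
PBKDF2_ROUNDS = 600_000      # assumed work factor for the password hash
invites = {}                 # sha256(token) -> {"email", "expires", "used"}
accounts = {}                # email -> (salt, derived key)

def _digest(token):
    # The token is random and high-entropy, so a plain digest is enough to look it up.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_invite(email, now=None):
    """Create the token for the mailed link; the server keeps only its digest."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    invites[_digest(token)] = {"email": email, "expires": now + INVITE_TTL, "used": False}
    return token

def open_walkthrough(token, now=None):
    """Validate the link. Returns the invited email (to pre-fill the form) or None."""
    now = time.time() if now is None else now
    inv = invites.get(_digest(token))
    if inv is None or inv["used"] or now > inv["expires"]:
        return None
    return inv["email"]

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def complete_signup(token, email, password, now=None):
    """Turn the walkthrough into an account: consume the invite, store a salted hash.
    The email may differ from the invited one, as the answer allows."""
    if open_walkthrough(token, now) is None or email in accounts:
        return False
    invites[_digest(token)]["used"] = True   # the link stops working from here on
    salt = os.urandom(16)
    accounts[email] = (salt, _hash_password(password, salt))
    return True

def login(email, password):
    """After sign-up the password, not the link, is the credential."""
    record = accounts.get(email)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _hash_password(password, salt))
```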