17 comments

  • Jarrod DrysdaleJarrod Drysdale, over 2 years ago

    Depending on how want to you do it, you might look up the design term "gradual engagement". (It applies to all kinds of use flows, not just signup, but I think the most common example is signups.) The idea is that you allow users to engage with the app and start using it before actually adding their account info and signing up. It works by essentially creating anonymous users, that then get populated with account data gradually as people use the app.

    Here's an old example from Twitter, although it includes a password, the password could be moved later in the flow.

    Obviously there's also Oauth (Sign in with your google account / twitter/ facebook / github / etc).

    I've also seen developer docs about letting people sign in/up with just their phone number. I haven't found a good example of this yet, but Google's Firebase provides built in support for it.

    10 points
    • Cameron Rohani, over 2 years ago

      I'm doing exactly this with my website builder. Users can make a full website and have it saved to their browser, but you only need to sign up once they want to publish, download, or edit their website on another device.

      1 point
      • Youri RoggevenYouri Roggeven, over 2 years ago

        another example is duolingo, where you can 'taste' the product and do some of the challenges before you actually need to create a profile

        0 points
  • Vincent Pickering, over 2 years ago

    The best example of this is Passwordless.

    https://github.com/florianheinemann/passwordless

    It uses a temp token to do a one time login, via your email address. The idea is that the email should be secure, so safe to send an access token to. You can set your own timeout on the token but 30 mins should be fine.

    3 points
    • Jan ZhengJan Zheng, over 2 years ago

      I did this with one of my side projects—do you know of any writeups about this from security researchers?

      0 points
  • Chris Gallello, over 2 years ago

    We direct users towards Google Oauth and deliberately hide the email/password + verification email flow. https://app.purple.pm

    When we made that change it spiked up our signup rate. There's one case where we need to ask you to sign in with an email and password, and that's through our Sketch plugin - building an Oauth login would be pretty difficult there. So we created a page that allows the user to create their password if they signed up through Oauth. Overall it was well worth the effort.

    1 point
  • Darian RosebrookDarian Rosebrook, over 2 years ago

    One of the most efficient uses I have seen is with Slack: They use a "Magic Link" system. https://auth0.com/blog/is-passwordless-authentication-more-secure-than-passwords/

    There are a few other options as well, as in one-time verification until a token expires. Like using Hotjar, or Facebook. This also goes over it, but is slightly older. https://medium.com/@ninjudd/passwords-are-obsolete-9ed56d483eb

    For actual signup without passwords, the most used that I see is creating accounts with Social Media Integrations. (Sign up with twitter, fb, etc. that Medium.com uses)

    1 point
    • Mattan IngramMattan Ingram, over 2 years ago

      I never actually use Slack's "Magic Link" because it's faster to just type in my password or retrieve it from my password manager.

      5 points
  • Tom Martin, 2 years ago

    Registration without a password can be implemented. I believe that this mechanism undermines the user's trust in your resource. Today, many products use complex passwords and no one can guarantee complete security. Make the right choice in this case.

    0 points
  • Hardi KHardi K, over 2 years ago

    Zeit.co uses a passwordless flow similar to Slack's Magic Link. You type your email, click the link in your mailbox and now you're logged in.

    They also use it for their command line interface, which is beyond neat!

    0 points
  • Eliot SlevinEliot Slevin, over 2 years ago

    So I think passwordless login is awesome, but do have a good think about the context - there are downsides.

    I'm working on a product users only engage with every 6 months to 2 years. Thats a lot of time to forget a password - hence passwordless login is perfect.

    But say I was making an app which required really regular sign on - like a banking app, or a chat app, etc. Something which my logins get invalidated fast. Or an app where I may not always have quick access to my phone / email etc. Like say a phone based vr app - my phone is strapped to my head, no I can't check my inbox.

    Tldr: Upsides - Can't forget - One less fucking thing to deal with in life

    Downsides - Takes longer - Annoying if I have to do it all the time

    Think about it. Auth0 has a very slick flow / design imo.

    0 points
  • Stef KorsStef Kors, over 2 years ago

    email newsletters

    0 points
  • Koos Looijesteijn, over 2 years ago

    I’ve seen applications where instead of a password, users had to pick a short series of images. At every log in, the pictures would be shuffled, so it wouldn’t be too easy for others to see and remember it. In the end it is like a pass phrase with questionable security, but it is usable for illiterate users.

    0 points
  • Xavier BertelsXavier Bertels, over 2 years ago

    I think the sign up process we designed for SweepBright is a pretty good one: https://sweepbright.com/

    0 points
  • Renee PRenee P, over 2 years ago

    Notion has a password-less login. Unless you use Google, each time you want to sign in they send a code/login link to your email. Personally I find it a bit of a hassle.

    0 points
  • Kyle ConradKyle Conrad, over 2 years ago

    Can't remember what site it was, but I've had one that links your account to your phone number and then texts you a one time use code every time you log in - ends up not needing to remember email/username and password, as you just type that and get the code every time.

    Obviously a little more labor intensive but an interesting method.

    0 points
  • ambrose l, over 2 years ago

    I just use OAuth with Google and only ask for permissions to share name and email address - people are already signed into some Google account on their phones.

    Example <-- I'm still working on this page, so excuse how bare this looks.

    0 points