
Show HN: I built a free, simple login service. Would you use this? - benzguo
https://login.land/
======
AlchemistCamp
I agree with kenji's (dead) comment.

I'd rather set up login functionality on my own server. If you use a third
party service, their downtime becomes your downtime. Worse, you're injecting
another company into your relationship with your users. If that were
necessary, I'd choose one the customer was already familiar with, like Google,
Facebook or Twitter.

Setting up login isn't very difficult and libraries exist for most webdev
languages to make it even easier. It's definitely not worth 5% of my revenue.

~~~
IgorPartola
Login management should be built into the browsers instead. Imagine a UI where
you go to log in and instead of a text/email field for login and a password
field you get a drop down with a list of your personas that you’ve created
with the option of adding a new one. Under the hood it would use a
public/private key pair to authenticate you with the site.

Browsers could implement a service that backs up your personas and syncs them
across your devices. Ideally the syncing should be cross browser too and allow
me to use my own servers for this if I choose.

~~~
wakamoleguy
That sounds very much like the goals of Mozilla's Persona service. While it
required a separate service and some JavaScript, the idea was that it could be
supported natively by browsers in the long run.

Unfortunately, it was shut down in 2016 due to lack of interest.
(Coincidentally, I just spent this past week hacking on its source code.)

~~~
8organicbits
I wonder if it just wasnt the right time and if the project could be revived
in a couple years. It seems like a great direction.

------
Cu3PO42
If I had some smaller website that I charge nothing or barely anything on, I
might. If I had a bigger SaaS product, probably not. I wouldn't say your
pricing is necessarily unfair, but paying 5% for what is probably a very small
part of the application, I couldn't stomach.

~~~
benzguo
Thanks for the feedback! I’m open to changing the fee – is there a % fee you
would be more comfortable with?

~~~
eitland
FWIW: I think the user you are replying to is honest but an unusual case.

5% on payments might be OK until things starts to take off.

Source: I've helped launch a successful business with Shopify and Paypal 10 or
so years ago. Maybe could have saved a lot in fees but that solution was so
nuch easier than the rest that it was easily worth it.

Edit: the webshop and payment solution was later changed to something less
expensive.

~~~
Cu3PO42
The way I understand their pricing is that it's whatever Stripe charges plus
another 5% on top of that. I'd feel a lot better about 5% flat.

------
42droids
I am afraid, I would not use it. As others pointed it out, login is such a
small part of a system that it's not worth employing a 3rd party service to
get it working. Also, using this service requires trust. I personally don't
use nor implement FB, Google, etc logins either as I don't trust them.

------
rho4
Wouldn’t it be „wrong“ to teach my users to trust login emails coming from a
foreign domain? Also, how do you plan to keep your emails out of spam folders
and blacklists? From your website it wasn’t clear to me how I would check the
login code for validity.

~~~
codegladiator
I know where you are coming from but it's sad that new service email is
assumed to land in "spam". Spam was meant for special, not default.

~~~
Icathian
Original intent notwithstanding, defaulting communication to a junk box is
absolutely the correct stance given the current signal to noise ratio in
email.

------
richieartoul
This is actually a really cool idea. I think the people who are saying they
don’t want to inject a 3rd party in the middle of their business are missing
the point or are working on projects large enough that this doesn’t make
sense.

A 5-7% overall fee (once stripe’s fees are taken into account) could make
sense for a lot of small businesses that don’t want to manage this stuff,
although I feel realistically you could reduce your fee significantly for
larger customers.

The fee structure also starts to make a lot more sense if the focus is less on
login, and more about making it really easy to monetize your product
(different subscription tiers, gating features, pricing suggestions, funnel
analysis, a landing page generator, etc).

Regardless I’ve built side projects before that still have lots of daily
active users that I never monetized because I couldn’t be bothered to do all
the payment and subscription integration work.

If I could start a new project today and know that I have:

1) User management (auth, password reset, etc) which is tedious to reimplement
2) Payments

Working from day one that’s a very enticing idea, although you’ll need to
build faith that your service is reliable and will be around for a long time
to get people to start using it.

My email is in my bio, feel free to reach out, I’d love to chat about it a bit
more.

------
brandonmenc
No.

If my app is small, I'll roll my own or use the free tier from Auth0 or Okta.

If my app gets big, I'll roll my own or pay for Auth0 or Okta.

Like a lot of SAAS ideas, a login service is: too critical to trust with an
unknown, already a mature SAAS offering elsewhere, and easy enough to
implement yourself if you don't want to pay for it.

------
ShaneMcGowan
I like the idea but what benefits do you provide over using SSO with Google
and setting up stripe myself? I'm not sure ease of use would bring me to use
you over what is currently available

------
kirillzubovsky
I am currently using Auth0 which has all the cool functionality of logging in
with 3rd party services, user management, and so forth. I think I am paying
them $25/m to use it, something fairly trivial but non-zero.

If I were getting started with logins again, I'd say I could pay you $250 one
time just to download all the code, and roll it out on my own systems in
minutes. This way I'd have user auth with easiest setup, and no need to
reinvent it on my own. Probably.

But, are you just testing things, or is Login.land real? Since your own login
system asks for password, instead of email-based auth like you are showing in
the screenshots, I suspect that maybe this is just a test :)

~~~
benzguo
Definitely early stages – mostly looking for feedback on the landing page /
demo!

Agree that it’s hard to compete with more full-service solutions like
Auth0/Firebase. Maybe there’s some variant of this, like self-hosted, that
could work :)

------
ALittleLight
I'm currently building a kind of game website that needs a login system.

I like the idea of going passwordless and just checking an email and clicking
a button. That seems low friction. I like that you don't require a credit card
from me. I also don't expect to charge users ever so I like that the service
would be free.

On the other hand, my hope in building my current project is that I'll show it
some people and they'll enjoy it and I'll keep working on it and more people
will keep using it etc. If that does happen I'd want complete control over the
login system and I'd hate to be in a situation where I couldn't make changes
to the system (or remove your component) because my users were already logging
in via loginland.

For example, I imagine a future where people love my game it's taking off, but
there are problems with your service. If I replace it, I have to figure out a
way to preserve the accounts and logins of current users while simultaneously
giving a good experience to future users. It seems easier to just do a minimal
login system on my own now and improve it as needed.

Finally, if I were in a money making venture, I'd have the same concerns plus
I'd realize the cost of 5% is probably disproportionate to the savings - which
would be having to implement a very well understood solution.

------
koopuluri
My first thought when I was going through the page: HN will not see much value
in this given it's a highly technical crowd.

I urge you NOT to get discouraged, and to chat with non-technical online small
business builders: you'd find many who market primarily on Instagram, who are
just figuring out how to get a nice website for their brand.

I see a lot of value if you position your service as a way for them to offer a
tiered loyalty program for their customers: i.e. "log-in via loginland, buy on
our site and rack up points that you can redeem later!".

Not sure what the integration would look like with their existing website
builder stack, but could be fruitful to look into this.

Also, there are MANY brands looking to spin up their first online store for
their brand - may even make sense to offer a very basic product listing that
lets them sell products and manage loyalty programs easily with their
customers.

Just a few suggestions that stemmed from recent conversations with founders of
these kinds of small scale Insta-marketed brands.

~~~
benzguo
Thanks for this comment, it was really encouraging!

Do you know if there’s a community where these Insta founders hang out? I’d
love to chat with you more if you’re open to it, I’m @benzguo on twitter!

~~~
koopuluri
Hey Ben, yes I'm down to chat (email in bio).

TLDR: Our company's target audience is small brands that market primarily on
Insta & Tik tok w/out websites yet - in India. So far, it's been a very manual
process to build a list of them. After every conversation we have, we ask them
for referrals (interestingly, Insta-based small business owners seem to be
well connected in India). There are also event organizers that have insta
profiles where they showcase brands that present at their events.

Happy to chat in greater detail, & all the best!

------
bluehatbrit
I recently made the toss up between Auth0 and my own system. Ultimately I
couldn't bring myself to use Auth0, it wasn't the price but the lockin that
got me. Being able to log into a product is a key gate and I don't want to
lose control over that even if it is slightly more work in the early days.
What's more, it becomes extremely hard to migrate away from.

As someone else suggested in here, I'd be happy to do a one off payment for a
system under my control. However, a handing over the literal keys to my
product is not something that I'm comfortable doing, especially without
reassurances that I can easily migrate away from it. The fact that there are
so many good libraries that deal with the most painful parts of this just make
the sale harder for me.

------
rho4
Your fee example seems either plain wrong or dishonest. If you use Stripe to
handle payments, the fee of using your service must be higher than using
Stripe directly. But you claim that Stripe would take 35c, but you only 25c.

~~~
benzguo
I’ll try to make this clearer, thanks for the feedback! You’d pay both, the
Loginland fee on top of Stripe’s rate. (This is a pretty common pricing model
for platforms – BuyMeACoffee has a similar 5% rate on top of Stripe). Open to
suggestions! :)

~~~
rho4
So it‘s 2% Stripe fee plus 5% loginland fee = 7%? You repackage and resell
Stripe’s payment service but tack on more than double their commission?

------
tomp
A few too many steps, don't you think?

Why would the Login website redirect to Loginland instead of just sending the
email directly and displaying an "please check your email" popup? One less
page load.

Why would the email redirect to Loginland, not to the original website? OK
maybe that's absolutely necessary because of some invasive anti-privacy user
tracking, but even then, why would Loginland website tell you to _close_ the
window and go back to the _original_ window (what if the user closed it
already??), which would only then redirect to original website?

Seems like a lot of ceremony for nothing.

------
gfodor
No:

\- for trivial projects, I don’t want them to stop working one day

\- for more serious services, moving login to a third party is a huge risk.
The upside isn’t worth the risk. Even if it did your pricing is way too
expensive, but that could be fixed.

~~~
benzguo
That makes sense – I’ve had the same feeling, but was curious if there was a
niche, hence this post!

Is there a price point at which you would consider using something like this?

~~~
gfodor
No, not me personally, however if someone lacked the skill to build a login
system _and_ lacked the risk aversion to outsourcing it (which I’m guessing is
not uncommon because that risk aversion comes with experience) then perhaps
there is a market at the right price.

------
onexey
I'll comment in an end user standpoint. I'm not trying to debunk your idea. I
know, having an idea and acting on it is a hard thing and kudos for that. I
would love easier login process on every site.

I don't know your likely use case or target market. So I'm using an imaginary
one based on my usage.

Disclaimer: I'm not your average user. I use password managers heavily. But on
the other hand every browser have some kind of integrated password manager.

My imaginary scenario has these assumptions: \- This website relatively simple
and offers unimportant service because otherwise it's not a good practice to
use this service. So my security need relatively low. \- I'm using this site
relatively often. Maybe a few times a week. Otherwise these points are not
that important.

My imaginary scenario has two cases: \- I'm using my regular PC & Browser On a
website using this service, I always have to open my email address and click a
link to approve login. And if there is a "Remember Me" option only the first
time. So my cumulative additional cost between somewhere 1 - infinity extra
steps. On a regular site, I'm already in here. I'll just hit a key combination
for password manager and I'm done. And if I'm using browser's password manager
I'll probably just need to click login. \- I'm using a new PC and/or a brand
new Browser/Profile My email address has 2FA active with a really complex
password. This just caused me unnecessarily 3 step instead of 1 to login.

------
aminozuur
First thing I noticed, hovering the big "Get started" button did not change my
mouse cursor to a link-pointer. Just a small suggestion :).

Edit: Also, after clicking on "Get Started", the first field (email) should be
in focus so the user can start typing, without having to move their mouse and
click it first.

Edit 2: I love the simplicity of this tool. The interface is pretty good (but
not yet great). How can I contact you?

~~~
benzguo
Thanks for the polish feedback, this is helpful! Feel free to get in touch on
Twitter: I’m @benzguo

------
SecurityMinded
Anything that requires me to traverse through different applications to login
to a website, unless it is managing my money or very sensitive personal
information, is NOT SIMPLE. And for those which require more than one app to
login, I much prefer tried and true 2FA apps like google authenticator or
Authy or RSA tokens etc. Email is inherently insecure. Why make my 2FA an
email?

------
benbristow
The flow is really confusing.

You enter your email, get taken to a page that tells you to open the email. If
you close that page then you can't login even after clicking the link in the
email as you need to leave that tab open, open a new tab for your email, open
the link in the email, close that and go back to the original login tab.

Why can't you just click the link in the email and you login?

------
martins_irbe
It’s not free if you ask for a share, therefore the title is misleading. Maybe
title “I built a simple login service” would be more fitting. However, I would
need to question simplicity as checking your email is far away from simplicity
UX wise. I wouldn’t use your service if you would pay me to use it. Comparing
your service with Stripe is just ridiculous...

~~~
swyx
the login is free, the payments are not, but the title didnt say anything
about payments.

------
neiman1
I can definitely see myself using it when creating an MVP, but longer-term I'd
probably set one up myself.

In terms of the pricing, it may be worth considering a cap (e.g. 5% on
successful payments up to a maximum of $Y a month), otherwise, you might find
that your entire userbase ends up being comprised of early-stage projects that
are making little to no money.

------
xiwenc
I'm surprised you're not dog fooding:
[https://login.land/login](https://login.land/login) :)

The page leading to login is a bit too plain. Makes more sense to point to
/login instead of [https://login.land/admin](https://login.land/admin)

------
andretti1977
It seems interesting but does the user have to check email any time he/she
decides to log in to my service?

If so i don't consider it interesting.

I would consider very interesting something similar to firebase authentication
without having to include all the google privacy killer stuffs and for free.

(Edit: i didn't read the text where you explain how you make money)

~~~
benzguo
Thanks for the feedback! Currently passwordless email confirmation is the only
supported login flow, but I’m thinking about building alternatives like
Twitter OAuth, or a password based flow.

Does the pricing model make this less appealing to you? Open to adjusting it!

~~~
andretti1977
Well since i'm interested only on the auth part, it would be ok for me and if
i had to charge i would implement Stripe my self in the project so i'm not
sure you will be able to raise a lot of money

------
zach_garwood
As a software developer, I wouldn't use this service. But if I was someone
without my skillset trying to build a no-code / low-code MVP, I definitely
would try this out! I think that may be your sweet spot. I don't think HN is
your ideal audience.

~~~
benzguo
Yeah, I’ve been thinking that too. Low-code definitely feels like the space
for this, and I just need to go find that community :)

------
wakamoleguy
This is really cool, and its an interesting way to try to monetize what would
otherwise be a relatively small service.

The big issues here are trust and security. Before using a third-party login,
especially if it isn't one of the big ones, I would need to understand more of
how it is handling the data. A breach in your service translates directly to a
breach in mine, and the intro page does not describe many of the details.

Does using your service offer the end users any benefit compared to a third
party login or built-in login service? As it stands, it seems like they will
be giving their email address to yet another company, which may erode their
trust in my own service.

------
varbhat
No.

Google signin is used because of Chrome/Android(Or browsers in general because
of Google account which many people have it atleast because of Gmail).

Apple ID( their login ) is useful because of Apple ecosystem which constitutes
IOS,MacOS,etc.

So,there is no appealing reason to use your product. What if it is down in
future? Also,it's closed source and not federated.

I am interested in federated login system(Probably OpenID based?)

Think it like a single self hosted login system for all Gitea(which may happen
in future)/Gitlab instances or federated open sourced self hosted(or company
hosted) alternative to Google signin , speaking common protocol.

~~~
zzo38computer
Actually what I would want is a system like OpenID but using SASL instead of
the web browser.

------
weatherman2
The market you want to target is people who aren't software engineers but want
to run a simple website. The gulf for someone who just wants to serve a static
html site but wants to have some content that requires secure access is huge
right now.

Consider the use case for a person buying woodworking plans from a website.
Payment required to access pdf plans, but the owner of the website wants to
set it up once and not worry about it, and not to have to learn anything more
about coding than they have to.

------
atarian
I believe people call these "magic links" or "magic URLs". There is definitely
a market for it, I recommend searching for competitors and see what you're up
against.

------
jcims
I tried setting up an account and got a Firebase error, but generally the
answer is no. Sorry.

I'd have to have faith that your implementation of the login flow is more
secure than one I could build or get elsewhere. Any weird security smells
(like the login page differentiating invalid user email address from invalid
password and leaking Firebase errors to the user) are going to lead me to
believe that the code hasn't been reviewed from a security perspective.

~~~
benzguo
Thanks for the feedback! This is definitely early stages – mostly looking for
feedback on the product and landing page, but I’m definitely embarrassed you
ran into that Firebase error! I built the admin side using Firebase auth to
get started, but have been planning to move it over to Loginland...

~~~
hnlmorg
I think you really need to do this before expecting people to use your
service.

------
pachico
I would only use it if I needed to create a quick MVP/PoC but then I'd fastly
run to implement it once the idea is validated. In addition to the reasons
already mentioned here, I'd say login is one of those features every language
has a ready-to-use library for. Also, it might be that a certain ACL is
required too, which is typically very specific for your domain.

------
jasonlingx
Facebook had a free simple login service, over email and SMS as well. Until
they shut it down.

------
Farfromthehood
But it's not quite free.

~~~
mcny
It is free to you if your product is free to your user.

------
anderslemke
Hi benzgou. It seems login.land is down. What happened?

------
leesalminen
Interesting monetization strategy of integrating payments into the flow.

------
futhey
While I like this a lot, I don't like the idea of creating a new customer in
Stripe every time someone signs up as a free user. Perhaps this works better
for other types of businesses.

------
woranl
No. The login flow is too tedious for the user. Too many clicks.

------
hellofunk
The redirect should happen automatically when they click the email, you
shouldn’t ask the user to shuffle around their tabs after that point.

------
futhey
Firebase: No Firebase App '[DEFAULT]' has been created - call Firebase
App.initializeApp() (app/no-app).

------
dieg0
Honestly I don't see any scenario where this service would add value, on the
contrary.

------
anderslemke
login.land seems to be down. What happened?

------
je42
If I would use a an external login service it would need to be fully featured:

\- GDPR compliant \- (multiple password) recovery processes. \- user account
hacking protection (with notifications) \- two factor authentication. etc.

------
tzvsi
Open source it.

------
colinmorelli
It's a fun project, and kudos for shipping something at all!

My honest feedback:

There are already a host of services that do authentication, and a host of
services that do payment and subscription management, and the leaders in each
of those spaces are actually quite good. Loginland currently sits in the
middle - it's not the best authentication system, nor is it the best payment
system. It's just a little bit of both.

So, how do you combine the individual value of those services into something
that is distinctly valuable? An interesting example in this space is fast.co.
I have no idea if they will ultimately be successful or not. However, they
verticalized specifically to e-commerce and combined login + checkout to a
single step that is significantly easier/faster for the customer than a
conventional checkout process. The pitch to the seller is: higher conversion
rate, meaning more revenue (and we can potentially reduce fraud in the
process). Among other things, they do this by opting for a fixed-time instant
cancellation window after the order, rather than putting up a confirmation
page beforehand. They use the strength of the identity system to streamline
the checkout process, which is a unique merging of those two things that
provides real value. There's also not much downside, as the traditional
e-commerce customer doesn't associate much value with customer identities in
the same way that a SaaS platform might. As it currently sits, I don't see
that value unlock for loginland, so it feels like a mushy middle position.

Another direction here is thinking through how media is monetized. Right now,
most major news publication (NYTimes, Washington Post, BBC, etc) have login
and identity management mostly for managing subscriptions to news content (the
identity itself isn't a ton of value to these companies). I believe there is
probably a business that can be built around offloading identity and payment
for these companies (customer has a relationship with loginland, loginland can
get me into Washington Post content in a single click). Helping news companies
shift more of their revenue from ads-based to consumption based or recurring
would be huge. This business may already exists in several forms (I personally
know a founder that started one which ultimately did not work out), but is
another example of a vertical play.

In short, as you navigate next steps for this product, I'd advise you to keep
an eye on where your customers will really get value from you. Streamlining
identity management or checkout might not have as much of a conversion lift
for SaaS as it would for other industries where purchase intent is lower. Look
first for those, and see how you can best help them. Don't get discouraged by
the comments here, though. Often times tiny tweaks make all the difference
between success and failure.

~~~
benzguo
Thank you so much for this thoughtful comment! I really appreciate your
feedback, and the encouragement :)

I totally agree with you that it feels like this product currently sits in a
weird mushy middle – not a great fit for coders on HN, and not differentiated
enough in the crowded no-code-storefront space.

I’ll keep iterating!

------
blunte
I would just run Keycloak.

------
dplgk
Is logging in that hard?

------
justinzollars
No.

Devise is pretty simple to set up.

------
jiveturkey
absolutely not, never. it's one of the worst ideas ever.

why would i give you the email address of all my accounts, and the ability to
spoof them, for something that is trivial to build myself?

------
hckr_news
This is cool

------
gopi
so this is similar to fast.co?

------
kgraves
will you be there in 10 years?

~~~
onli
He does not have to be there in 10 years. If his service where to go away you
just change the login system to something else, there are open source
alternatives. The id is the email, so there is no lock-in. That's for the
login-part at least, adding stripe manually on top would be a bit more
complicated, but doable.

~~~
kgraves
> He does not have to be there in 10 years.

no point or use of this service then, might as well build our own / use oss.

------
asimpletune
Yes

------
rdevnull
yes very nice !

------
Kenji
Why would anyone use this? Just write your own login, it's not hard, and you
don't have the dependency on a 3rd party site that can go down at any point in
time.

~~~
sjwright
I agree that writing your own login routines is not hard, except I wouldn’t
want anyone to have the impression that it’s trivial.

It’s not trivial. It requires some knowledge to do it well. Off the top of my
head—choice of unique identifier, password complexity rules, hashing best
practices, registration flows, recovery flows, abuse detection, markup hinting
for password managers... I could go on.

