

Ask YC: Login system - drewcrawford

I'm working on a startup involving lots of sub-$1 payments.  Because of this, we pretty much need a valid e-mail address.<p>Our options are: A) Let the users create an account, type in an e-mail address, and we send them a verification link (I hate these)
B) Let them log in with a Google Account.  They would actually be redirected to a Google.com page to log in, and Google would give us the e-mail address (we never have their password).<p>Personally I'd much rather do B as a user, but I can potentially see some confusion for users, especially if they don't have a Google account already.  In theory we could allow both, but for launch we are only going to spend time on one.  There's also a concern that some users would think it's a scam to get your Gmail password (even though it's entered on a Google.com site).<p>What do you think?
======
christefano
At my sites I like allowing members to create accounts without email
validation. To post anything, however -- or in your case, send or receive
funds -- their email needs to be validated and I use a persistent message in
the header to remind them of that.

I would personally never use your site if you required a Google account to log
in.

~~~
arthurk
That's a great functionality you'll see on some sites with the lost password
function. You can register without an email and use all functionality except
the "lost password" function — if you want to use it, you need to specify it
in your account settings.

I think HN and del.icio.us do this.

Is there some other functionality on your site that doesn't require payment?

~~~
christefano
> Is there some other functionality on your site that doesn't require payment?

I'm not sure if this question is for the original poster, but I forgot to
mention that providing an email address is actually required at my sites. Only
after validating the email address are members able to post, vote, etc.

One advantage to this is that I'm able to keep track of who hasn't validated
their email and therefore become full-fledged members of whatever site they
joined. I can start a conversation with them and learn from them what I
overlooked about the site -- or point things out to them that they may have
missed.

------
Stabback
I'm also confused about why you need a valid email address for the payments. A
little clarification would be good.

I would recommend against the Google account login system, I prefer to try to
keep some of my life secret from Google.

Have you considered openID?

~~~
tstegart
Receipts, customer service contact, account summaries. There's a reason why
they ask I'm sure. Its good practice to keep in touch with users when money is
involved.

------
tptacek
You want option (a). It works, it's proven, it's what everyone else does, it's
less annoying than it sounds like, and you're unlikely to screw it up.

------
djm
"I can potentially see some confusion for users"...."for launch we are only
going to spend time on one"

I think you've answered your own question here. I'd go for option A - it's
something users will be more familiar with from their experience using other
sites and it stops you losing users who don't want to create a google account
if they don't already have one.

Your users are what is most important and the deciding factor in decisions
such as this should always be to do whatever makes things easiest for them.

Also, why do you need to link a user to an email address to handle payments?

------
patrickg-zill
Another choice is to use their phone number. They sign up on the web, type in
their phone number. Then they are shown a PIN, you have an automated phone
system that dials the phone number and prompts them to enter the PIN that is
displayed. RapidSSL.com uses this method to quickly confirm a user for their
SSL certificate, so I assume it is good enough for your use.

------
tstegart
I'd go for option A too. If people are paying for something, an email address
is a legitimate request. Its a virtual world, and you need a way to contact
them. I would have your privacy policy ready to go and prominent though. You
might not like option A for some reason, but most of the time if the
verification email is sent immediately, its not a big hassle.

------
jkent
What about clickpass? Although that might be subject to trust issues too.

Most users are familiar with the verification concept, although still don't
like it.

Can you explain why you need a valid email address to do payments?

Just allowing Google accounts limits your market somewhat, but if you are
going for techies first, then you should be fine.

~~~
tptacek
It's hard to blame a startup if something goes wrong with Google logins. It's
real, real easy to blame them if they went with something as obscure as
ClickPass.

------
DanHulton
Keep in mind, Gmail has fewer customers than Yahoo mail or Hotmail - you're
limiting your service to a fairly small number of users if you do option B,
and people are probably not interested in signing up for some OTHER service
just so they can sign up for YOUR service.

------
pierrefar
Control the username/email and password and ensure that the password is very
strong. We're talking about money here, so it's best that you control access
as much as possible.

