Am I the only one who finds subtle animations much more pleasant?
I think there is a reason why it's dark when the stage set of a theatre is being changed between scenes, but with user interfaces somehow any rearrangement must be a distracting visual gimmick these days.
Edit: Seriously, why do you need a hard change to a blue background only to then move a white cloud up across nearly the complete height of the screen?
That is beautiful! One thing I've noticed tho from some of my older users is that they have no idea what the difference is between "login" and "sign up". I'm sure there's a better way to present that, but I haven't figured out how so far.
It is beautiful and it's a tough problem to solve--the login/signup is a big cause of friction and confusion to users.
I would wonder how many users notice the "Sign Up" link or read it as "Sign In" and not understand how to proceed.
The distinction between username and email is lost on a lot of people, unless you expect accounts to outlive emails and the value of having an account is worth this friction (think Dropbox or online banking) then use an email or phone instead.
I do wonder if for most apps a two-step process is easier: enter your email/phone to continue, if that exists ask them to logon or otherwise create an account. I realize there are concerns about account enumeration, which are valid, but end up being overly hostile to the user (plus most registration flows leak anyway).
Visiting my mother-in-law the other day I helped her with a TV on demand "app" built into her TV. For some reason it needed her to log in again and she was stuck. She had successfully entered her email and password (I was surprised and impressed), but had absolutely no inkling of the final step required - moving the pointer to the button marked "login" and pressing it. So easy to forget that a tech-centric mental model can be completely alien to "normal" people, especially older people.
Hey! Thank you for your response. I agree with you that "sign up" isn't the best way to represent a register view, but if I were to name it "register," it wouldn't be that identical since I'm using a big font.
Step 2: if that email exists in the database, ask for password. Otherwise confirm with the user that they are new to the site. Then ask for password twice.
It’s a pretty animation... so nice work on that front.
Regarding login in general, people are done with passwords. From a security perspective they are worthless in most situations. From a user perspective, no one wants to make a new one or remember a different one, so they reuse them.
The good thing is this greatly simplifies the flow.
1) Ask for the email address.
2) check it against your system
2a) user found -> send auth email link
2b) no user, make a new one
Done. 2 steps, no passwords, no double path / flow
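The email-link flow outlined in the comment above, as an added example that is not part of the original thread. The names (`request_login`, `redeem`, `outbox`), the 10-minute lifetime and the in-memory stores are assumptions; the sketch returns the same response whether or not the address is known (the enumeration concern raised earlier) and makes links single-use and short-lived.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 600                  # assumed link lifetime, in seconds
users = {"alice@example.com"}    # constructed sample account store
pending = {}                     # sha256(token) -> (email, expires_at)
outbox = []                      # stands in for the real mail sender


def digest(token):
    # Only the hash is stored, so a leaked table cannot be replayed as links.
    return hashlib.sha256(token.encode()).hexdigest()


def request_login(email, now=None):
    """Steps 1 and 2: take the address and mail a link.

    The reply is identical for known and unknown addresses, so the form
    cannot be used to test which emails have accounts.
    """
    now = time.time() if now is None else now
    email = email.strip().lower()
    token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
    pending[digest(token)] = (email, now + TOKEN_TTL)
    outbox.append((email, token))            # the link would embed this token
    return "If that address can receive mail, a sign-in link is on its way."


def redeem(token, now=None):
    """Called when the link is opened; returns the email or None."""
    now = time.time() if now is None else now
    entry = pending.pop(digest(token), None)  # pop makes the link single-use
    if entry is None:
        return None
    email, expires_at = entry
    if now > expires_at:
        return None
    # Step 2b: the account is created only once the link proves control
    # of the mailbox (a design choice of this sketch).
    users.add(email)
    return email
```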
I think that's rather bold to say "people are done with passwords." Personally, I find them rather annoying. I don't like bouncing between apps. The email login link often opens a new tab/window, too. When the email doesn't show up immediately I question what one of five things could have gone wrong? Is it my fault or theirs?
I also can't see how this would be more secure (outside of knowing they reuse the same password everywhere). If they hijack your e-mail they login without warning since that's the normal flow. If they use your email to reset your password, both the service and the user get informed there was abnormal access.
Sorry... people ‘should’ be done with them, but that is my bias towards security.
Your email is probably linked with just about everything you do. I would suggest you ensure it has a 16 character random password with 2 factor auth. If someone gets in, they own everything so treat it accordingly.
Also, what apps beyond banking or health do you log out of?
Accounts just seem to accrue. My password manager has over 500 items. I tend to uninstall phone apps I don't use after a few months and reinstall them as needed. I also hop between a computer and phone and iPad or between app and website, each requiring me to login again.
I also appreciate being able to log into an account on an untrusted computer without having to log into my email.
- if you change your email address, or have any problem with it (oops, google has blocked you again!), you can't log in. Have been bitten by this when myopera.com closed and I couldn't access my old email. I lost some accounts.
- emails are clear text, so bots can intercept a login link and use it
- if you want to share the account with somebody, you gotta give them access to your email
- I don't want my inbox to be polluted by 15 login emails every day
- using my password manager is much faster than doing this
> We always include a backup code in the email you can manually paste in.
It's going to help me with any of that. Can't access backup code if email is closed. Won't prevent bot from stealing the account. Won't help me with sharing the account, I'm not going to give the backup code to the person every time they need to login.
> Do you need to login to things repeatedly? I mean, sure your bank... but what else do you log out of?
Banks. Stuff for which you have several accounts on the same service (I have 11 email accounts, 4 github accounts, 3 HN accounts, 3 reddit accounts). A lot of people have at least 2 fb accounts, one official and one personal, and most of them don't know about browser containers.
> You and I use a password manager... but are they mainstream? My parents sure don't
No, and I expect they will never be. Auth is not a solved problem.
But email links are not the solution. At best, one login option, and a good way to start off.
Password auth should always be offered. It's the most neutral, balanced, resilient, privacy friendly, interoperable stuff we have for now.
Passwordless is great until it's not. You tend to need to be on same device / browser as your email for it to work seamlessly. It also adds mental debt, in that many multiple actions are required to proceed (personally find myself with irrational logout fear thanks to this).
Appreciate it seems like it answers all the questions but I think, in the end, it talks more to the developer than the user.
I say this as a major proponent of smarter 'dumb' auth, an earlyish adopter with passwordless, plus having run it as the primary login mechanism on a site with 25-150 new signups / day for nearly three years.
Looking forward to more widespread adoption/availability of webauthn, embedded (consumer) security features, etc.
https://github.com/realpaliy/ios-login/raw/master/art/finalA...