Hacker News new | past | comments | ask | show | jobs | submit login
Keeping Users Logged In (estromberg.com)
71 points by estromberg on Sept 15, 2011 | hide | past | favorite | 11 comments



Someone forward this article to eBay please.

When I'm "logged in", even something as trivial as clicking the [add to watchlist] button prompts for my password. It's insane. Maybe require a this-session password for "money" things like bidding on an item, but not for everything on the site.


I've always thought Ebay could instantly increase its metrics across the board by implementing smarter login saving.

That, and letting auctions run until bidders have their final say.


I've always found the Amazon approach interesting. As part of their sales funnel they email related content to you based on your browsing habits when logged in. Clearly they therefore have a large incentive to persist the user's login status.

Their logout link takes the form "Hello %NAME%. We have recommendations for you. (Not %NAME%?)"

'Not %NAME%' is the logout link, which confuses the hell out of users (just Google 'Amazon logout'). Even if you know it's there, you battle subconscious friction in clicking that link when it is in fact your name.

This strategy has been around years and no doubt adds visibly to their bottom line, even while it exposes users to potential fraud issues with others using their account for one-click purchasing.


Most of the time, Amazon considers you to have a "soft" login. Want to view your order history? Password please. Change an order? Password. View/update addresses/credit cards? Password. This is sometimes irritating to the user, especially when clicking the "where's my stuff" link from an Amazon order email, but it serves Amazon well in that they can trace most site actions to a user account while at the same time maintaining an acceptable level of account security.

Sometimes (I believe), you will even get a password prompt for a "one click" purchase. Even if you don't, your one click purchases can only be delivered to a previously configured address, and to add a new address requires entering the credit card number again, and, of course, your password.


I find it less intrusive than Linkedin's soft login, which really annoys me, especially as I cant remember my password often. You can go as far as writing someone a message, then you need the password. If I can read my private messages, surely I am good to send one?


Amazon seems to be testing a new homepage design which is a little different. It actually has a drop down menu on the right side which includes "Sign Out" link. It also doesn't have the normal left side department navigation nor the welcome message as stated above. However, it still remembers you.

It seems like they are gathering statistics on this new format as I couldn't get back to it after signing out.


Has any one seen any numbers to support this actually works? What I mean is: Does using a two-step logout help users stay logged in?

I would really want to see some numbers around it. I don't think I really do understand if making the logout feature less apparent actually returns value to the site in any way.

I mean thinking a bit further, this is really not pushing users to stay "logged in" and add value to the site right?

Also I think the security issues of keeping users logged in just to keep them logged in is not really that encouraging.

Now I understand the value of keeping the user logged in, I just don't see the value of having the logout feature hidden in a menu, other than simplifying the User Experience.

If anyone has more information on this, please list them. I am interested in researching this further.



Great post, very insightful. I had not really noticed serivces like FB and Twitter had moved the logout button the way they have until you pointed this out. It is quite a clever idea, as your post suggests sites that offer a service or product require the user to be logged in to get a personalised experience. Users are less likely to logout if they cannot see it as an option.


I recall the shitstorm I brewed when I made the same suggestion as your last one (auto-login links in email) some time ago on HN.

Glad to see Quora is doing it now, too.


Incognito window.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: