In real life, people talk very differently when they're:
- around their friends
- with their family
- with their lover
- in public
- at work
So this "one identity" + "real name policy" + "privacy is dead" nonsense is just disheartening. There will always be a need for humans to keep secrets, to have separate identities, to keep the people in their lives separate, and the topics they talk about separate. "Sign in with facebook" just breaks all those rules.
Not everyone shits and showers with the bathroom door open.
This reminds me of one of my own HN submission, BTW: http://news.ycombinator.com/item?id=4160528
Here's their home page: http://www.shopobot.com/
The button to show that modal window is "JOIN NOW" with microcopy "It's free." That microcopy is the best part of the whole experience.
Clicking the JOIN NOW button brings up the modal window:
"Welcome! How would you like to sign up?"
Absolutely nothing here promises benefits to the customers. Consider something like:
Button: "Start Saving Money!"
"Save money when stores change prices. How should we tell you?"
[Login with Facebook] or [Get an email]
microcopy: "We never post to Facebook. Shopobot is totally free. You can stop getting email at any time."
Clicking "Get an email" would bring you to the signup form, currently a DailyCred interstitial, which is (at present) an experience which will not maximize conversion rates, to put it lightly.
https://www.dailycred.com/oauth/authorize?client_id=ceb6f715... <-- don't worry, I won't use that client ID, feel free to click it
That page should:
1) Remind people why they want to sign up for Shopobot
2) Have button copy which suggests value, rather than "Sign Up". Ideally, it should have copy which recalls the scent of the interaction on their page.
3) Continue providing risk-reducers like "free", "we won't spam you", etc.
If you're wondering whether to use DailyCred or roll your own login system, by the way... how much is 20 ~ 40% more users worth to you? Enough to justify the whole hour it will take to roll a login system? Good, thought so. (+)
(+ I'm sort of intrigued by the parts of their offering which do not actually sign up users and log them in. However, it strikes me that bundling them with logins is an exceptionally bad idea, and as you need them you can either implement them ala carte or plug in a provider who would let you keep control over the most important 30 seconds of a customer's relationship with you.)
Facebook is for me to chat with friends and all of us to post photos we may or may not regret when we sober up. I neither need nor want to tie any more of my life to it.
This is why I still like OpenID (eg, log in with your Google account). I know they get nothing but my name and email address, they can't touch my account at all, and nothing is public.
"When a user auths your app and you request no additional permissions, your application will have access to only the user's basic information. By default, this includes certain properties of the User object such as id, name, picture, gender, and their locale. Certain connections of the User object such as the Friends connection are also available. If the user has made more of their data public, more information will be available."
For example Spotify - still allows only Facebook signups. The first quote on signup page is of course <<"Spotify is so good" - Mark Zuckerberg, co-founder of Facebook>>. I'm definitely one who spent additional time to look for an alternative.
Edit: As parbo noticed, they actually do allow email+password signups again. I completely missed the link when checking.
Edit: Or not. They seem to know my city better than me since my postcode is both required and invalid...
"You need a Facebook account to register for Spotify"
At the bottom of the page:
Create an account using my e-mail address"
Awesome design there!
I think you meant that sarcastically, but it actually is good design from Spotify's point of view. They really want people to link their accounts to Facebook, but don't want to lose the potential users who steadfastly refuse to do so. Tailoring the language and design to encourage the desired choice is smart, even if it might not be quite right grammatically.
I think the underlying assumption was that using Facebook login would make it easier to make the site "go viral" because we could more easily spam our user's networks.
I always cringed at this idea from my own personal experience, and from anecdotal evidence from my friends.
I'm very excited that someone finally backed this up with data.
Plus, Mozilla is dog-fooding Persona all over the place, so we're personally invested in getting this thing right and keeping it working.
: Bugzilla, MDN, Etherpad, Mozillians, Metrics, Popcorn, OpenBadges, Marketplace, Add-on Builder, Flicks, and Affiliates all use Persona, with more to come.
BrowserID is new, and awesome. My fear is that a good universal login needs to support both Mobile Safari and Google Chrome on Android, and due to their childish fighting, it's unlikely anything client side can work on both, to the detriment of users and Internet security as a whole.
Desktop browsers are a lot easier (extensions, and browser choice), but mobile/tablets makes this all a lot harder than it was a few years ago. :(
However, from talking directly with some of our user's most of them are telling me they avoid these features because they don't understand what the long term effects might be. Apps who have abused Facebook and stories about potential privacy concerns in the media have left a bad impression on them regardless of what Facebook has done to 'fix' the problem.
Earbits, if you read this - PLEASE ditch the Facebook-only option. I would pay you $45 a year (50% more than what I pay Pandora) for your service, but I absolutely loathe anything having to do with Facebook, and I cannot continue to use your service if you insist on requiring them.
This way if you one day want to run far, far away from the FB monster you're already set - the behavior of your app doesn't break horrifically, and you can devise a seamless/pain-free transition for FB-authenticated users to create a password.
Because your password database is a liability. And it's a huge pain in the ass to store securely. And a breach at another site can harm your users if they re-used their password. And there's a huge amount of friction when you ask users to create and manage yet another password.
Seriously, traditional login systems suck. They're great for privacy and maintaining direct control over your user data, but they're a huge pain.
I don't want to shill, but Mozilla is aiming to address the bulk of this with Persona (https://developer.mozilla.org/en-US/docs/Persona), which will have an api-stable "beta" release in about two weeks. However, it works right now and has been deployed on sites like https://voo.st/ as an alternative to forced-social login.
Arguably it's a greater liability for a business to be dependent on a third party for a connection with their users. It means they lose important user data like email (they have to ask for it usually), they're tied to that provider, and their website breaks for those users if that third party service goes down or is unreliable.
If you store your passwords securely you can't leak them, only a hash, but I agree it's a pain for users to manage multiple passwords/identities and can lead to too much password sharing.
Persona looks far more interesting than social login as it addresses the issue with who owns controls user data/logins and does not have a single point of failure, plus it provides the email.
You can trust Facebook. Why wouldn't you? Facebook is lovely.
The idea that you should or shouldn't "trust" a company...
Then think about sending a list of all your friends, family, colleagues, your personal thoughts and commnications on personal matters, to a random, characteristically anti-social CS major you've never met. It's just plain weird. And Zuckerberg was absolutely right in what he said: we're dumb to do it. The problem is this didn't phase him one bit. He went right ahead as if it was all going to be OK. And we just kept sending him more and more info.
Granted, Facebook calls itself a company, and the situation has grown quite large and complex, but I still think of Facebook as one CS student's website. It is what it is.
You send your personal info, in some cases more personal info than you would give your personal banker, your doctor, or your lawyer, through the web to total strangers, many of them are anti-social kids like Zuckerberg, to be posted on his website.
It's a disaster waiting to happen.
PS: 2 factor for corporate account and personal email
I also like email/password signups because I get to use different emails for each service. GMail helps with this since I can use email@example.com and firstname.lastname@example.org.
For example, why have your app request the access rights to post to a user's T stream?
I signed up to a site only yesterday that gave me the option of signing in (or was that signing up - I haven't a clue...) with a yahoo account or a Facebook account, or an email address and password. I thought what the heck I'll sign in with my yahoo credentials. I then went back to Yahoo - and it gave me some message about authorisation and data sharing. What data is shared? Who knows. I didn't want anything shared, other than perhaps my email address. But why not explicitly say that?
So for me it's just a case of pure confusion, and the worry and fear that I've shared something that I didn't want to with another application - for example I wouldn't want to share my address book.
Another service I know of demands a Twitter login, as a result I don't use it. Which is annoying as I do want to use it. I can't be bothered to set up alternative Twitter accounts just for this purpose.
I guess that if I don't get it - and I have a technical background - then what hope does anyone else have? Or do punters just go about and blindly trust services with their data?
1. the trustworthiness/brand recognition of the service
2. expected behavior of the service with the data
In this case, it seems to me as if there is no value a user would get from signing up with facebook besides the convenience. Furthermore, being an e-commerce service, I would actually say offering Facebook login is counter-productive because it may be perceived as a commercial use of your data (I know its irrelevant, but you would be surprised how often I have heard this)
Also one should note that the averaging 30% really isnt that bad. 50% would mean its completely random, meaning there wouldn't be a preference either way. I wouldn't say people hate being forced at all.
For obvious reasons, this post is biased towards selling their service.
I can undestand why so many do it, they have IT on the cheap and instead of doing a local login option you pick facebook and leave all authentication down to them and there API's. But that's there choice.
Eventualy some law will pass forceing companies to allow the user to pick which social login persona they wish to use and that will be that, repeat of the whole unbundle IE affair remixed for today playing out with social media login's. We shall see, but until then everybody has a choice they just need to execute it more often than they do.
If you can accurately define who your customer is then you can tailor your user experience to fit them best.
Studies show the people that use Facebook Connect have a higher LTV and show higher engagement.
We're building a site that relies on network effects and are considering offering only Facebook authentication, with perhaps other signups available in the future. Anyone have any good case studies on startups that went this route?
I don't understand why people hate this option. If you don't like it then leave it, but it does help people like my friends and I.
> This is a better test, because the signup screen offers both options with equal weight and we have over 70,000 organic signups.
As far as the second test goes, of course the general trend will be younger people who actually use Facebook will not mind... using Facebook.
This assumes the "random tourists in Pike's Place market" are an effectively random sample. It's possible that facebook fans are less likely to take vacations in Seattle, but Occam's razor is against it.
people login with facebook when they want the experience to be social.
In addition the article isn't very good and the No - Spam option speaks more to users being wary of the application than facebook.
This doesn't seem like the typical quality of article usually voted up on HN - I'd guess people just voted it up from the link title without reading (since people love to hate facebook).
The in person survey is too small to provide meaningful numbers, but it was useful to hear real people's feedback and sentiment.
I agree that it seems weird that people would rather give their email than facebook because they "don't want spam". But that's really what they said, so that's not speculation about their reasons. And again, the survey was asking people about their experience and feelings about sites they've signed up for, not just about our site.