I'm buying a product on Amazon. I type in amazon.com. I find the product I'm looking for. I put it in my shopping cart. I go to the checkout page. I order it.
Sounds like a completely normal interaction. But instead of looking at what happened, let's look at what didn't happen. I never "logged in" to my account. I never had to type in my password.
Amazon is smart. They understand that a common flow is a user, who has previously used Amazon, is going to buy a product using a saved credit card and saved address.
This convenience is possible because this is hard to abuse. If a malicious person gets access to my computer, the worst thing they can do is order a whole bunch of stuff to my saved address, which I could easily cancel or return.
They can't ship things to a different address (that requires me to re-type my credit card number). They can't access my order history (that requires a password). They can't change my email address or password (that also requires a password). There are a number of other anti-fraud measures they probably have enabled that I am unaware of (e.g. maybe a password is required for extremely expensive items or if I'm located in a different country).
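To make the "semi-authenticated" state concrete, here is an added example (not Amazon's code) of a policy function that decides, per action, whether the long-lived cookie alone is enough or whether the user must re-enter the card number or a fresh password. The action names, the freshness window, the high-value threshold and the location-change signal are all assumptions.

```python
# Added example: a policy for a semi-authenticated session. Names, thresholds
# and risk signals are constructed for illustration, not taken from any real site.

PASSWORD_FRESHNESS_SECONDS = 15 * 60   # a password typed within this window counts as fresh
HIGH_VALUE_THRESHOLD = 1000            # constructed: orders above this amount escalate to a password

# Level each action needs while the long-lived cookie is present.
#   "cookie":   the remembered cookie alone suffices (hard to abuse, easily reversed)
#   "card":     re-enter the full card number (cheap check that still blocks redirecting goods)
#   "password": a recent password entry is required
ACTION_POLICY = {
    "order_to_saved_address": "cookie",
    "order_to_new_address": "card",
    "view_order_history": "password",
    "change_email": "password",
    "change_password": "password",
}

def required_step(session, action, now, amount=0):
    """Decide what the user must do before `action` is allowed.

    session keys (all constructed for this example):
      cookie_valid      bool  - the long-lived cookie validated against the server
      last_password_at  float - epoch seconds of the last password entry, or None
      home_country, request_country - crude location-change risk signal
    Returns "allow", "password", "card" or "login".
    """
    if not session.get("cookie_valid"):
        return "login"                                  # nothing remembered: full login
    level = ACTION_POLICY.get(action, "password")       # unknown actions fail closed
    last = session.get("last_password_at")
    password_fresh = last is not None and now - last <= PASSWORD_FRESHNESS_SECONDS
    if password_fresh:
        return "allow"                                  # a fresh password satisfies every level
    # Anti-fraud overrides: a location change or an expensive order escalates to a password
    risky = (session.get("request_country") != session.get("home_country")
             or amount > HIGH_VALUE_THRESHOLD)
    if level == "cookie" and not risky:
        return "allow"
    if level == "card" and not risky:
        return "card"
    return "password"
```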
What is the problem with passwords?
Login prompts are annoying
People often forget their username and/or their password. If they are on mobile, typing an email address or complicated password is extremely inconvenient. If you've forgotten your password, doing a "forgot password" flow on mobile is a disaster.
Password fields hurt sign-up conversion rates
I don't have a precise number to quote for you (and every conversion form is different), but I have seen large conversion increases in multiple sign-up flows by doing one and only one thing: removing the password field.
Compare these two sign-up forms:
I'm not sure the exact psychology behind the difference in conversion rates, but I suspect it has to do with the fact that one of them is just asking for information and the other one feels more like creating an account (it also doesn't hurt that one form is shorter and simpler).
But users need passwords!
Yes, passwords are necessary to prevent random people from either accessing private information or doing bad things. However, there are many common situations in which these don't matter:
- Initial sign-up: there is no need to authenticate the user
- No private information: You have yet to collect any private information
- No bad things: There are no bad things that are possible (or those bad things are easily reversible)
- Via email click: If you have a "forgot password" feature that allows people to reset passwords via email, then in theory access to an email roughly proves their identity
Password prompts on sign up flows
It might seem strange, but sign-up flows in which people set the password as late as possible (or never at all!) generally convert at a higher rate. You also capture more partial information, which lets you remarket to potential users.
Compare these 3 exits on a sign-up flow:
Flow #1:
1. Email/password form – exits
Result: Well, you are out of luck.

Flow #2:
1. Email form – submits
2. Further info form – exits
Result: You can now market to the user via email: "Just one more step to start using our great service!"

Flow #3:
1. Email form – submits
2. Further info form – submits
3. Set password form – exits
Result: You can now market to the user via email: "Get started using our
If your product can be used via email, you don't even need them to set a password; just log them in via the email click.
Why don't more sites do this?
I suspect the reason is that site developers (who are generally power users) don't run into these problems often and forget how inconvenient a poorly timed password prompt can be.
But many popular sites that care about optimizing common flows actively use different techniques to prevent password prompts:
|Site|Long term cookie|Prevents access to account info|Prevents modification of account info|Login via email click|
While Amazon uses a more granular semi-authenticated state, both Groupon and OkCupid simply keep a user logged in for a very long time (1 year+), but require a password to change key account information. Simple and effective. OkCupid simplifies their process even more by automatically logging you in from every email click.
But my favorite site is craigslist. Craigslist has two entirely separate modes for using their site. If you are a power user, you can login to your account and use that to manage/create multiple postings. However, if you are a non-logged in user and create a posting, craigslist sends you an email with an authenticated link for verifying, editing or deleting your posting. In the standard flow they don't even highlight the ability to create an account. Again, simple and effective.
How can you improve your site?
Disclaimer: These rules do not apply to everybody. You need to evaluate the individual needs for your site. If you are a bank, your authentication and security requirements are going to be different than if you are a classified ad site. The tech-savviness of your audience is also an important factor. I suspect a more tech-savvy audience is less concerned about password prompts.
I realize that there are also security trade-offs, but it isn't a coincidence that the #1 online retailer, the #1 classified ad site and the #1 daily deal site all trade off a slight amount of security for convenience.
With that said, here are some ways to make common flows more convenient and reduce password prompts:
- An email/password prompt should not be the first thing on your sign-up form. OkCupid is a great example. Notice where the password prompt appears in the flow. For a no-password example, create a posting on craigslist.
- Use long term cookies to keep people logged in. Like Amazon or Groupon, if somebody has logged in once on a computer, let them do common hard-to-abuse things without a password.
- Log users in from email clicks automatically. Like OkCupid, if users are going to be doing a lot of non-sensitive interactions directly from email, don't throw a username/password login in their face after clicking an email.
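The craigslist flow described earlier (an emailed link that can verify, edit or delete one posting) and the last recommendation above both rest on the same mechanism: a link whose token is signed by the server, expires, and is scoped to one object and a fixed set of actions. Here is an added example of that token, not craigslist's or OkCupid's code; the secret, field names and one-week lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Added example: an authenticated email link bound to one posting and a fixed set
# of actions. SECRET is constructed; a real deployment loads it from configuration.
SECRET = b"constructed-server-secret-never-sent-in-email"
TOKEN_TTL = 7 * 24 * 3600   # links stop working after a week

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_link_token(posting_id, actions, issued_at=None):
    """Build the opaque token that goes into the emailed URL."""
    issued_at = int(time.time()) if issued_at is None else issued_at
    payload = json.dumps({"p": posting_id, "a": sorted(actions), "t": issued_at},
                         separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def check_link_token(token, posting_id, action, now=None):
    """True only if the token is genuine, unexpired, and covers this posting and action."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _unb64(payload_b64)
        sig = _unb64(sig_b64)
    except (ValueError, TypeError, AttributeError):
        return False                                    # malformed token
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):          # constant-time comparison
        return False
    claims = json.loads(payload)
    if now - claims["t"] > TOKEN_TTL:
        return False                                    # stale link
    # Scope check: a verify-only link must not delete, and a link for one
    # posting must not work on another.
    return claims["p"] == posting_id and action in claims["a"]
```

The token never carries the user's password, so a leaked email exposes only the actions on the one posting it was issued for, and only until it expires.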
Special thanks to Colonel Sanders and the Trix rabbit for reading drafts of this post.