Ask HN: Registration vs. Social Login

7 points by joshmarinacci ↗ HN
I'm working on a free online app for pixel drawing. You can use it without an account but to save work I need some sort of account system .

My question is which system do you prefer for free services: account registration, social login, or magic links.

Account registration means you are creating a new username and password to remember. The advantage is no connection to a required social network.

Social login means Facebook or Google knows everything. Plus which networks do I support? Github? Twitter? Others? How do you remember which network you used last time? Does the login page look like a NASCAR hood with so many logos?

Magic link means you put in your email and I send you a onetime link to set the auth cookie. You have no password remember or be stolen. However switching browsers becomes annoying.

So, as a user, which system do you prefer? As a developer, which system has worked out best for your user base?

6 comments

[ 3.0 ms ] story [ 26.1 ms ] thread
As a dumb user, I prefer social login. As a internet savvy person I prefer username and password (without email). And as a software developer I also prefer social login if the system doesn't have a backend (it is becoming more common nowadays) and anything if you have a backend.
Make sure you limit your social media logins... something like LinkedIn and Twitter will do. Facebook is horrible in the fact that they update usually every few months to every year and sometimes it is not backwards compatible so everything breaks.

While I do like a social media login as a user; as a developer, I hate having all of them on the website. To even have their logo on your website takes away from your own branding. This is certainly controversial and many may argue with me, but why do I need to have some other major website logo one of my most prominent pages when my logo is what I want people to remember.

The other reason I ditched the social media logins: I was spending more time making sure these actually worked, and there's no way to test it without deleting the username from the database for each and every one of them every time. And what happens a year from now when you aren't constantly checking to make sure those work? You are likely losing out on potential new users all because they see: "Hey a broken website.. I'm leaving!" I got to see it personally on HN too: someone had just launched his product, and someone noted the social media for Facebook wasn't working. This issue right here has already probably taken away the focus from the actual product. Facebook wins again!

There is nothing wrong with social media, but keeping it simple would be great. Having yet another thing to worry about when your actual product should be the only thing you should be worrying about just adds to the stress.

However, in eliminating social media for my logins, I've done something else: I've eliminated registration pages. Instead, if you go and attempt to login with an email and a password, and it doesn't exist, it will be created. If you go to login with that same email and password, it'll log you in from then on out.

For a few web apps I built, I had both the registration / login pages, but why? It's just an extra page of clutter. It's just as easy to check if it already exists and to just create it if it doesn't.

I absolutely love the "magic link" which Slack does... onetime and it tries to keep you logged in for as long as your cookie remains.

The other method I've been seeing a lot lately, specifically with bank apps: 4 digit numbers with a cookie. So I think how that works logically.. a cookie is set to remember your username, and all you have to do is enter in your 4 digit number that you setup and you get logged in after entering in that.. after all, who can't remember 4 digits?

Generally, small brands benefit from being associated with larger, successful brands. Having Facebook & Google as login options is probably better from a branding perspective, unless the audience is systematically averse to them.
Give your user the choice. Personally I loathe social login ESPECIALLY for new sites because I don't want to give them any access to my social accounts. Because privacy. But social login reduces friction for a lot of users who are less concerned about privacy.
I would ask your intended audience. You're going to get a big bias against social accounts on here that you wouldn't get elsewhere.
Is it possible to do both? I rarely use social login because I hate connecting things to those accounts. However, I know of many people who love the convenience in provides.