Alternatively, use your preferred technique.Īccept it and allow the user to log in if a user signed up using email or another SSO and is attempting to SSO with another (as long as the emails match). Prioritize the most popular sign-up method if at all possible. If your region has a popular SSO authority, like WeChat, make it available as an option. There are, however, some sub-rules you should follow within these:ĭo not include a LinkedIn sign-up form on a transactional website. For simple signups such as eCommerce or product trials, Facebook/Twitter/google sign up are the most convenient. I'm not sure why there aren't more sites that allow a single identity sign-on. Provide the option of device authorized as an SSO on the next login form, or pop up a popup in their face with the authentication request. If the user chooses to utilize the authorized proceed with the flow on obtaining the auth. Allow the user to opt-out of seeing the message again. The following is how the flow should be:įollowing a successful login, prompt the user to use their on-device authentication for further logins. Most devices have made their authentication alternatives (such as fingerprint ID or faced) available to apps so that they can use them as the authentication logic. It would be absurd to force users to utilize cumbersome email/password or SSO logins if you have a mobile app. Rule 6 Allow users to log in using their on-device authentication on mobile apps. Password managers have progressed to the point where they can detect a reset password and update their vaults. Only a few people opt to remember their email/password combination for the dozens of websites they visit. If the user desires The vast majority of people are currently using one type of password manager or another. Rule 5 Allow password managers to capture the users' login information. You do not need to type the complete combination again! See how we hopped back into the login with the password option? What are we attempting to accomplish with the login again step? Developing muscle memory? Giving the autocomplete feature the ability to update the records? You have already proven that you are the owner of the account.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |