Login Walls affect App Growth. Do you need a login? If so, what should you track? Read about delayed vs. upfront logins, guest access vs. forced password recovery, social logins, password-less logins, fingerprint readers like touch ID, and Face ID.
Logins and identity
We identify ourselves to numerous apps, using our email addresses, usernames, phone numbers, and authenticate ourselves with password, pin or passcode, to gain access to an individualized, secure and a private experience across the devices we use. We also use social logins like Facebook Login, Sign-in with Slack or others across our apps. The Chase mobile banking app, the Spark email app, the Slack app to collaborate with teams and customers, or the Telegram messaging app to keep on top of messages between people and bots, are all examples of scores of apps we login into and identify ourselves.
With so many apps requiring an account of some sort and the strong security recommendations to use different passwords on different services including apps, leads to identity chaos which means fatigue associated with remembering too many usernames and passwords, pins or key codes.
Logins walls affect app growth
Login walls create barriers to mobile app usage, and you lose a portion of users who may have forgotten which one of their many emails they used to log in, what username they created and used for the app, and/or the password they used to log in.
How much of a barrier login walls create and how many users you’d lose depends on both the genre of your app and your app. What you do knowing, how many users you lose because of login walls, depends on your app’s security requirements and strategy. Facebook app, for instance, requires you to login to see any content. Facebook decided — years ago — to not show you any content without knowing who you are. Twitter, on the other hand, let’s users who are not logged-in, see Moments and Trends, i.e. content that is not tied to who you follow.
Numerous usability tests have shown that login-walls and account recovery workflows are very annoying to users.
Less annoying login-walls
How can you as an app developer make login-walls and account recovery workflows less annoying? With another competing app a couple of taps away, it is important to design login and account recovery workflows with utmost thought.
What can you do as an app developer to ease the pain and make your app more likable?
1. Question the need for login
Many apps need logins, but not all of them.
DOES YOUR APP HAVE TO BE BEHIND A LOGIN WALL?
Apps could create a unique identifier within the app and use that to identify a user and provide a personalized experience. The Stock Markets app, for example, needs to know the list of stock symbols a user is interested in and can keep the user engaged with charts, news and recommendations and does not need to log a user in unless the app also offers stock trading features.
Not requiring a login, may limit a user to a particular device, but you can come up with creative ways to let the user take their identifier to another device using ad-hoc connections over Bluetooth and wifi (similar to how the Firechat app can let users message in the absence of Internet), NFC tap, sending themselves a message, creating a unique subdomain, etc.
If your app can avoid the login, it does not have worry about account management and recovery workflows.
2. Track your login funnel
Assuming you need a login, what can you do to understand how users react to your login funnel?
TRACK EVERY ASPECT FOR YOUR LOGIN FUNNEL.
- How many users visit the login page and don’t continue with login, maybe because they forgot their credentials?
- How many users type an incorrect username and/or password, i.e. have forgotten their credentials?
- What percentage of users attempted username and/or password recovery?
- Was the password recovery mail/text delivered? Delivered, but to Junk or promotions folder?
- How many users attempted to recover password after the embedded recovery link expired?
- Of the users that start password recovery, how many abandon the workflow midway?
- Of the users who abandoned the workflow midway, how many come back again to the app?
- How does login abandonment correlate to when the user last used the app?
- How does two-factor authentication affect abandonment?
Of course, these seem obvious to track. Does your app track such aspects of your funnel? More importantly, Do you count users who can’t login towards daily active users? The answer matters if you do not offer logged-out support in your app.
DO YOU COUNT USERS WHO CAN’T LOGIN TOWARDS DAILY ACTIVE USERS (DAU)?
THE ANSWER DOES MATTER IF YOU DO NOT OFFER LOGGED-OUT SUPPORT IN YOUR APP
Tracking your login funnel is important for some reasons. The best practices that work for a particular app may not work for your app. For example, your app may not be suited for delaying login.
3. Delaying login
Instead of forcing a login before the user can use the app, let users use portions of the app freely till they come across a feature that requires a login.
REQUIRE USER TO LOGIN ONLY WHEN THEY NEED TO ACCESS A FEATURE THAT REQUIRES LOGIN.
Let’s take the stock markets app. The app may allow full access to public features like news, stock activity, charts, research, and ratings, but may require an authenticated account to place trades.
The mobile commerce app may let users add items to a cart and require users to login to access stored payments information.
Even Apple is known to initially reject mobile commerce apps which do allow delayed login experiences. But your app may require upfront login for some reasons.
4. Force login upfront
Yes, there are times where you want to force logins upfront, knowing your will lose some users. There are many reasons why you may want to do this. Here are a few examples:
- You are a SaaS service, and the data is owned by the user or customer.
- It costs you more to support non-paying users in a freemium model.
- You have too many users in the earlier steps of the funnel and only a few convert.
MAKE IT EASY TO RECOVER PASSWORDS IF YOU REQUIRE A LOGIN UPFRONT.
5. Guest access instead of forcing account recovery
Even if a user has forgotten his or her login, consider providing guest access to encourage the user to finish what they came for instead of requiring a password recovery.
ENGAGE USERS EVEN IF THEY HAVE FORGOTTEN THEIR LOGIN.
Instead of forcing account recovery, a mobile commerce app may choose to offer full access to the app’s features and allow users to provide payment and shipping information only when a user buys something. This may be perfectly suited for buying one-off items. The mobile commerce app may be perfectly okay operating under this guess access manner as long as they can keep making revenue from sales.
Following a “guest purchase,” the app can optionally ask for an email, phone number or push notification permission to send tracking updates. The email for tracking update could include the account recovery link, telling users why they should perform the account recovery, for instance, easier returns management. Apps should provide a reason to the user to create or recover an account.
6. Social Logins
Again, typing passwords are annoying on mobile. Many users, specially in the context of mobile, prefer to signup using twitter, Facebook, LinkedIn, WordPress or simply their phone number. [Edit: May 10 2016, Slack is also entering the social login market with Sign-in with slack]
There are advantages and disadvantages to social logins. If the advantages out-weight the disadvantages, indeed using social logins can help reduce identity chaos.
- Social logins provide one-click login, except during the verification process
- Users can revoke the access to app from the social network
- Your app has access to much more data about your users
- There are lots of users on social networks. LinkedIn (over 400 million), Facebook (1.6 billion), Twitter (300 million). Compare that to number of smart phones and email addresses. There are 2 billion smart phones as of 2016 Q1 and over 4.5 billion email addresses.
- You are out-sourcing your app’s security to a social network, which may be okay for a variety of consumer apps but not for a banking app
- Users seem to feel more comfortable with a social login than giving out their email address, because they can revoke the access to app.
- You do not have to implement server-side passwords
- If a user’s social media account get’s hacked it could cause problems with your app
- You are advertising for the social network on the first screen of your app
- Every time you show a Facebook, LinkedIn or Twitter social login you are reminding your users of another app they could be using
Social Login Do’s
Use the most appropriate social login for your app’s audience. Are you targeting Bloggers? Developers? Entrepreneurs?
- If your app is enterprise or business related, consider LinkedIn.
- If your app is for consumers consider Facebook social login.
- If you app is for entrepreneurs and developers consider twitter social login.
- If your app works only on phones (i.e. no iPods, iPads, tablets) consider login by phone number.
Social Login Don’ts
Don’t present 10 ways or 14 (warning: slow archive.org link) to login / social-login.
Don’t offer 10 ways to login!
Think about the experience for a user who has forgotten her login credentials. In addition to remembering which one of her many emails she used to login, what username she created and used for the app, and/or the password she used to login, she is now expected to remember to which social login she used!
SHE IS EXPECTED TO REMEMBER WHICH SOCIAL-LOGIN SHE USED. AVOID SOCIAL-SIGN-IN CHAOS.
Question why you should use multiple choices of social login.
7. Password-less logins
Slack does an amazing job of allowing users to login in by sending themselves and email (or SMS message) with a universal link. Once an email with a link is received by the user, he or she can simply tap on the link, and have the application launch and take over.
TYPING PASSWORDS IS ANNOYING ON MOBILE. MAKE IT EASIER FOR USERS TO LOGIN IN YOUR APP.
If you are offering password recovery, you already know how to do passwordless logins. Here is how you can implement it in your apps.
Also see password-less logins using phone numbers (or email) below.
8. Touch ID and fingerprint readers
For phones that support it, Touch ID and fingerprint readers offer a positive experience and quick logins to apps. Examples include the ADT Pulse App, which can log you in to control the alarms, cameras and lights in your home.
9. Login by phone number
WhatsApp logs users in with phone number. It verifies the user’s phone number by sending a SMS message. Twitter brings this login by phone number to apps as part of Digits.
Login by phone limits users to those who are running apps on devices that have a phone number and can get SMS messages and this is why login by phone number is not a primary method of login for most apps.
Finally, an on-boarding and login example that uses password-less login, phone numbers and touch ID
From the user’s point of view, he enters the phone number (or email), verifies with a PIN and uses touch ID subsequently. All the heavy lifting is done by the app.
Poorly designed login and account recovery workflows can drive usage down. With In-App purchases, In-App advertising and subscriptions being the primary monetization mechanism for apps, providing experiences without barriers is key to app success.
I originally wrote this for the Pyze blog: signup walls in mobile apps