Sign in, or “login”, is vital for many web businesses since their entire userbase has to go through this step regularly. So here are 8, 9 ways to simplify your sign in process.
Before we move on, I’d quickly like to thank everyone who contributed to last week’s related article: 19 ways to simplify the sign up process - which quickly expanded from 9 to 19 ways. Thanks for all the great ideas and discussions in the comments.
And now, to the list.
Generally, place your sign in form at the upper right corner, since most users will look for it here. Big services like Facebook and Twitter have certainly helped define a standard here.
If you only have space to clearly highlight either sign in or sign up, then consider storing a cookie on all computers that tells if the visitor has ever signed in to your web app, and then dynamically choose whether the sign in or sign up form should be highlighted.
If your layout calls for it, you may want to show the entire sign in form directly on your home page. (See Facebook image above for an example of this.)
However, if you use a “Sign in” link instead, yet your sign in form is still relatively simple (as most are and should be), then just reveal the sign in form when the user clicks the link – no need to redirect the user to a new page altogether.
Name the label “e-mail” if you use the user’s e-mail as account identifier (tip #1 from the simplifying sign up article).
If you use usernames instead, and you allow for special characters in the username, then suggest to your user that they might have used their e-mail address.
If you force your users to use a non-standard password by requiring numbers, minimum X characters, or a capital letter in your password, then tell them so directly at the sign in form, or at the very least when they get a password error. This way users don’t waste time trying out their 2-3 standard passwords that don’t fit the rules anyways.
Trying to guess the password is impossible if your user has typed the wrong username. And vice versa. That’s why it will help immensely if you tell them whether it’s the password or the username that’s wrong.
There are exceptions where security is more important than the user experience (financial applications, sites that have credit card info stored with the account, etc).
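The tip and its exception can live in one sign-in check, shown here as an added example that is not code from the original article: the error message either names the failing field or stays generic, depending on a per-site policy. The `users` store, `signIn` function and `revealFailingField` flag are assumed names, and the sample account is constructed.

```javascript
const crypto = require('crypto');

// Constructed sample account; a real site would load records from its user store.
function makeUser(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}
const users = new Map([['anna@example.com', makeUser('correct horse 9')]]);

// Stand-in record for unknown accounts, so both paths do the same hashing work.
const dummy = makeUser('placeholder');

function signIn(identifier, password, { revealFailingField }) {
  const user = users.get(identifier.trim().toLowerCase());
  const record = user || dummy;
  const candidate = crypto.scryptSync(password, record.salt, 32);
  const passwordOk = crypto.timingSafeEqual(candidate, record.hash);

  if (user && passwordOk) return { ok: true, message: 'Signed in' };

  if (!revealFailingField) {
    // Policy for sites where having an account is itself sensitive
    // (banking, stored card data, dating): one message for every failure.
    return { ok: false, message: 'The e-mail or password is incorrect.' };
  }
  // Policy from the tip: tell the user which field to fix.
  return user
    ? { ok: false, message: 'That password is incorrect.' }
    : { ok: false, message: 'No account uses that e-mail address.' };
}
```

With `revealFailingField` set to `false`, a wrong password and an unknown e-mail address produce the same response, so the form no longer confirms whether an address has an account.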
Place the “forgot password?” link to the right of the password field or below it - don’t make users go hunting for it.
In case the sign in name is an email address, the “forgot password?” link can be a one-click solution, where an email with the password reset is sent automatically when clicked, instead of the typical “forgot password” page with a new e-mail form field and button.
Remember your user’s sign in session for at least 14 days. For most sites you can probably remember it even longer, especially if you prompt for the user’s password gradually. E.g. asking “auto-signed-in” users for their password when they try to edit their email, password or credit card information. This will increase security while still keeping the everyday user experience frictionless.
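A sketch of that gradual prompting, as an added example that is not code from the original article: the session is remembered for 14 days, but the actions named above are only allowed when the password was typed recently. The 10-minute window, the action names and all function names are assumptions.

```javascript
const crypto = require('crypto');

const DAY_MS = 24 * 60 * 60 * 1000;
const SESSION_LIFETIME_MS = 14 * DAY_MS;   // "at least 14 days" from the tip
const PASSWORD_FRESH_MS = 10 * 60 * 1000;  // assumed window: 10 minutes

// The actions the article names as worth a password prompt.
const SENSITIVE_ACTIONS = new Set(['edit_email', 'edit_password', 'edit_card']);

function createSession(userId, now) {
  return {
    token: crypto.randomBytes(32).toString('hex'), // unguessable session id
    userId,
    createdAt: now,
    passwordConfirmedAt: now, // the user just typed the password to sign in
  };
}

// Cookie that carries the remembered session for the full lifetime.
function sessionCookie(session) {
  const maxAge = SESSION_LIFETIME_MS / 1000;
  return `session=${session.token}; Max-Age=${maxAge}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Call only after the password re-prompt has been verified.
function confirmPassword(session, now) {
  return { ...session, passwordConfirmedAt: now };
}

function authorize(session, action, now) {
  if (!session || now - session.createdAt > SESSION_LIFETIME_MS) {
    return 'sign_in_required';
  }
  const stale = now - session.passwordConfirmedAt > PASSWORD_FRESH_MS;
  if (SENSITIVE_ACTIONS.has(action) && stale) {
    return 'password_required';
  }
  return 'allowed';
}
```

A stolen or borrowed auto-signed-in session can still browse, but it cannot change the e-mail address, password or card details without the password.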
“Single sign-on” is a huge benefit to the user experience. Being able to reuse the same user across all your services means less time signing up, fewer passwords to remember, and less time spent signing into your services (if a user is signed in to service A then he should be able to reuse that session in service B without retyping his credentials).
A variation of this is to allow your users to use services like OpenID and Facebook Connect.
Do you know other tips to simplify the sign in experience? Then share in a comment.
On tip five, “Let me know whether it’s my username or password I mistyped”, I have to disagree.
I was a big advocate of all these items, until very recently when my mind changed on this single item. Not for all sites, though: for a large amount of sites, maybe; for a small amount, definitely. Why?
“Ok, let me see. Back in 2005 a friend sent me one of these [dating site “crushes”] anonymously. I didn’t want to guess on the site who it was, but I wanted to know who it was. They had this feature where you enter your email if you forgot your password. So, I thought to myself, not many of my friends would know about this site and whoever it is was probably the only person of my friends to be on it. So, I enter the list of female friends to recover their passwords [Just finished my undergrad, had loads of free time]. If they weren’t on it the site came back with an error message. In the end, I came across one person who it was successful for.
Point being, be careful with your error messages; they might give away your users’ anonymity.”
As someone says later in that thread, you have to be careful with your data leakage. This tip can become a privacy issue.
Glad you share this reflection. As you point out here, and as I did in the article, tip #5 doesn’t work in every single case: my cases were banking and sites with credit card info stored in the account, yours is dating sites. In most other examples however, the relatively little decrease in privacy/security will be worth the increase in user experience. The privacy concern that somebody spending a lot of time can find out that e.g. I use friendfeed or that Baymard have an adroll.com account is relatively little, compared to the greatly decreased sign in experience.
If you have any special password rules or don’t allow your visitors to use their email address as their username, the importance of tip #5 increases, as the amount of sign in difficulties your users will have increases.
Thank you for all tips, I will follow these :-)
Some of the tips are not so easy to build in CMS systems like Joomla.
I hope the CMS programmers read your articles ;-)
Glad you liked it – hope they read it as well :)
Let me know how the ones that you did implement worked out.
One way we at http://suplify.me make it easier for the customer to log in is that a user can log in with several email addresses, because we have encountered that usually more than one email is assigned to a user.
Thank you for a great article (and a good continuation of the previous post)
I would add “Let me sign up and login with details from a social network” to this list. Having the option to sign in using for example your Twitter, Facebook or Google account can give a quicker process for either, you have fewer username/password combinations and of course you feel like it’s a smaller step to take than if you have to create a completely new persona for every network.
Just like a couple of your tips, this is of course not advisable for every site – but if you don’t need much data about your users or a very high security, you can simplify both for yourself and the users by adding signup/login from the social networks. I have implemented a very simple signup/login option at wine website http://WineTravelr.com using JanRain (WineTravelr is a work in progress, so logging in doesn’t give you anything special at the moment) – this was done in a couple of hours and gives the option to sign up or login using one of the six most popular services.
Glad you liked it, and thanks for sharing.
Thanks for this great post. All great suggestions!
© 2021 Baymard Institute US: +1 (315) 216-7151 EU: +45 3696 9567 firstname.lastname@example.org