
Beautiful Authentication: Tear down the barbed wire

Tiffany Conroy
September 09, 2016

People don’t ever specifically want to sign in or create an account – they just want the features that being signed in allows. Somewhere between upselling and onboarding, they will run into the wall around your beautiful garden, and be forced to sign in if they want to get inside. I’ll review the ways you can make sure your gated garden isn’t covered in barbed wire. Although this talk is focused on authentication experiences, the ideas apply to many other kinds of features. I use authentication, and in particular my experience with it at SoundCloud, as a case study.

Video from refresh.rocks:
https://www.youtube.com/watch?v=_qzLmsaUwOs

Transcript

  1. Beautiful authentication Tear down the barbed wire

  2. Hi, I’m Tiffany @theophani

  3. Beautiful authentication Tear down the barbed wire

  4. flickr.com/photos/fallstreak_holes/14394586240

  5. flickr.com/photos/jonwiley/1465722671

  6. Tear down the barbed wire

  7. Engagement Engagement Engagement

  8. User value

  9. The act of signing in has no inherent value

  10. Some user experiences are best when they are never “experienced”

  11. Authenticated experiences have a high value

  12. Signing in is a pain

  13. Your product on the other side is the prize

  14. Aim: Pain < Prize

  15. A lot of pain = Barbed wire

  16. The case study: our old auth flow

  17. How did we know our authentication was painful?

  18. 1. Analyzing support tickets

  19. 2. Detailed monitoring of authentication endpoints

  20. 3. Usability tests

  21. 4. Tracking the conversion funnel

  22. What was the nature of the pain we found?

  23. Traps: A punishment for entering an expected situation that is not ideal

  24. Example Trap: Forgetting your password

  25. Forgetting your password is normal

  26. Avoid traps: Expect common non-ideal situations

  27. Double-edged sword: A feature that is meant to protect you, but can also hinder you

  28. Example double-edged sword: Confirmation modals

  29. Example double-edged sword: Passwords

  34. Passwordless sign-in is as secure as password reset

  35. Avoid double-edged sword: Keep the protection, remove the hindrance

  36. Russian roulette: Forcing someone to make a choice that might be wrong … or not

  37. Example of Russian roulette: Making people choose whether they want to sign in or create an account

  38. We prompt the user to identify themselves first

  41. Example Russian roulette: Making people pick a unique display name during account creation

  42. Avoid Russian roulette: Remove risky decisions

  43. Friendly fire: When your systems cause errors for the user that are no fault of their own

  44. Example of friendly fire: Wrong assumptions about names

  45. Example of friendly fire: Wrong assumptions about email addresses

  46. Avoid friendly fire: Look at error logs and fix bugs

  47. Crossed wires: When users misunderstand what they are doing

  48. Example of crossed wires: People started to create an account, but ended up signing in

  49. Confusing language: sign in / sign up

  50. We changed to: sign in / create account

  51. Avoid crossed wires: Make choices distinct

  52. What do you measure to see if you reduced the pain?

  53. What do you measure to see the pain?

  54. Task-completion rate

  55. Drop-off points

  56. Time to complete

  57. Usability tests

  58. Volume of support tickets

  60. Thank you! Tiffany Conroy – @theophani
