Oct 2, 2012
Social Login Buttons Aren’t Worth It
I stumbled across a very disturbing number in our analytics earlier this year. From April 12 to May 12, 2012, we had 340,591 failed login attempts. That’s the total number of times someone tried to get into MailChimp to get their work done and couldn’t remember their username and/or password, or simply mistyped. Think of how much wasted time and frustration that translates to. It’s impossible to calculate, but let’s just say it’s a lot. Of the people who struggled logging in, 68,145 had to resort to resetting their password, and 38,137 had to get a reminder about their username.

These numbers were depressing to the User Experience team. Surely we could do better, right? We set to work researching login design patterns to see what other apps are doing to grease the wheels. So many apps these days use social login buttons to “Log In With Twitter” or “Log In with Facebook.” These login methods are popular because with millions of users on these massive networks (as I pen this post Facebook has 955 million users, and Twitter has 500 million), many of whom log in each day (58% of Facebook’s users and 50% of Twitter’s users log in each day), adding social login buttons to your form should dramatically decrease the number of login failures. Click one button, and you’re in.
These compelling stats and sound logic convinced us (and so many others) that adding social login buttons to our app was essential to improving our depressing failure rate. So in May of this year, we added "Log In With Twitter" and "Log In With Facebook" buttons to the login form. Failure rates plummeted. From June 12-July 12 we saw 114,239 login failures—that’s a 66% decrease. Amazing! And there were 39,721 password resets, a 42% decrease. Holy cow! In the month that followed, failures dropped an additional 5%.
"I feel strongly about this."
I was blown away and dumbfounded by the value of social login buttons. It was a big win for the UX team, and our customers. Then I got an email from Ben Chestnut, our CEO.
"The login screen is the first impression people have when they use our app, and their first impression is too many options. I’m always a fan of a measured approach, and I rarely ever dictate a big change like this, but I’m extremely repulsed by all the buttons and I want to restore simplicity. I feel that strongly about this."
I was, um, not super happy to get that email. I presented my data, and made the case for keeping the buttons, but Ben wasn’t moved. Even though the social login buttons were bound for the grave, I did a little extra analytics footwork to see just how many people were clicking the social login buttons. I was shocked to see that just 3.4% of the people that visited the login page actually used Facebook or Twitter to log in. So what caused the huge drop in login failures then?
While researching login patterns in the wild, we also watched some users on our login page, and pinpointed a few smallish things we could change to make getting into the app easier. Our old login form told users, "Your username or password is incorrect," when they may have the username right, but the password was incorrect. If you have 4 possible usernames and 4 possible passwords, you have 16 possible combinations between them—only one of which is correct. That means in this scenario, the user would have 15 chances to make an error when logging in. But when you know specifically that your username is incorrect, odds of failure drop precipitously.
The engineering team, ever mindful of security, argued that being generic about username and password errors makes it harder for bad guys to guess usernames by pounding the form with random words or email addresses. But after some further consideration, we decided that it was a false risk: the username reminder form already tells you whether a username exists, and that is not a significant security risk for the bajillions of sites that have one.

So we split the username and password errors so the form would tell users exactly where their credentials are incorrect. And we added some better messaging in those errors, linking over to the forgot username or forgot password form, giving people a better pathway out of the failed login loop. We made some other small changes too, but none that were likely to contribute to a big drop in the login error rate.
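The split error messages described above, as an added example rather than MailChimp's own code: the old generic response beside the new field-specific one, the username reminder lookup that already answers "does this username exist?", and a per-client failure throttle so the more specific messages cannot be harvested in bulk. The sample accounts, the `forgot_username`/`forgot_password` recovery keys and the throttle limits are constructed assumptions.

```python
"""
Added illustration, not MailChimp's code: a login check that reports
username and password failures separately, beside the generic message it
replaced, plus the username reminder lookup that already disclosed whether
a username exists. User store, recovery keys and throttle are assumptions.
"""
import hashlib
import hmac
import os
from collections import defaultdict

GENERIC_ERROR = "Your username or password is incorrect."


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(password: str):
    salt = os.urandom(16)
    return salt, _hash_password(password, salt)


# Constructed sample accounts; a real store would live in a database.
USERS = {
    "alice": _make_user("correct horse battery staple"),
    "bob": _make_user("hunter2"),
}


def username_exists_reminder(username: str) -> bool:
    """The pre-existing 'forgot username' form: it already tells a visitor
    whether a username exists, which is why the post treats a split login
    error as no new disclosure."""
    return username in USERS


def login_generic(username: str, password: str):
    """Old form: one message regardless of which field was wrong."""
    rec = USERS.get(username)
    if rec is None:
        return False, "generic", GENERIC_ERROR
    salt, digest = rec
    if not hmac.compare_digest(digest, _hash_password(password, salt)):
        return False, "generic", GENERIC_ERROR
    return True, None, "ok"


def login_split(username: str, password: str):
    """New form: name the failing field and point at the matching recovery
    path. The second element is a recovery key the UI maps to the forgot
    username or forgot password link (assumed naming)."""
    rec = USERS.get(username)
    if rec is None:
        return False, "forgot_username", "We couldn't find that username."
    salt, digest = rec
    if not hmac.compare_digest(digest, _hash_password(password, salt)):
        return False, "forgot_password", "That password is incorrect."
    return True, None, "ok"


class FailureTracker:
    """Per-client failed-attempt counter (an assumed mitigation, not from the
    post): with field-specific errors, a burst of unknown-username failures
    from one client is worth slowing down and logging."""

    def __init__(self, limit: int = 5, window: float = 900.0):
        self.limit = limit
        self.window = window
        self._events = defaultdict(list)  # client_id -> failure timestamps

    def _recent(self, client_id: str, now: float):
        # Drop timestamps outside the window and keep the pruned list stored.
        kept = [t for t in self._events[client_id] if now - t < self.window]
        self._events[client_id] = kept
        return kept

    def record(self, client_id: str, now: float) -> None:
        self._recent(client_id, now).append(now)

    def throttled(self, client_id: str, now: float) -> bool:
        return len(self._recent(client_id, now)) >= self.limit


def login(username, password, client_id, now, tracker):
    """Split-error login that falls back to a throttle message once a client
    has exceeded the failure limit inside the window."""
    if tracker.throttled(client_id, now):
        return False, "throttled", "Too many attempts. Use the reset links or try later."
    ok, recovery, message = login_split(username, password)
    if not ok:
        tracker.record(client_id, now)
    return ok, recovery, message
```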
The secret to our success
So that big drop in login failures? It was all caused by better error handling and copywriting. That’s it. It wasn’t the social login buttons, though they did make a small contribution to our lower login failure rate. But if they help at all, why kill them? Even a 3.4% drop in failures is worth having them there, right? Maybe not.
Social login buttons can hurt brands
There’s been a great deal of bad press around both Facebook and Twitter as of late, tainting their brand perception, though not their user counts. The IPOs and APIs of other companies are beyond our control, but we place ourselves in a position to feel some of that bad brand juju when the logos of other companies sit next to ours on the most popular page in our app. There’s an implicit affiliation there. Call us control freaks, but we built this brand and we "feel strongly" about shaping its direction ourselves. One logo on our login page is enough. Who the hell wants their app to look like it was designed by NASCAR? Oliver Reichenstein made a case for ditching social share buttons a while back, and many of his arguments hold true here too.
Um, how did I log in last time?
We’re all using tons of apps these days on our mobile devices and desktops, many of which are using these social login buttons. Sometimes you log in with Twitter, sometimes with Facebook, sometimes with a username and password specific to that app. It’s hard enough to remember your username and password, let alone which service you should bloody use to log in. As you add login buttons to a page, you also add decision points for users, while creating visual complexity in your design. The marginal gains in login rate are chipped away by the additional cognitive load you’re adding for your users.
If you’re using Twitter and Facebook for signup too, you’ve got a bigger problem. A user’s credentials are then bound to another account on another service that could be canceled at any time, breaking access to your app without the user knowing. Unless you require a username and password for your app and then pair that with credentials from a social network, you’re creating opportunity for confusion and frustration for your users.
Social login buttons put security in someone else’s hands
What if Facebook or Twitter were hacked? Your social profile would be at risk (the sun would still rise tomorrow), but so would any other account on other services that are connected. That’s a little scary. Yes, Facebook and Twitter are good at security, but nobody, NOBODY, is perfect. Social login buttons delegate control of your users’ credentials to another service, rather than ensuring security yourself.
Is it worth it?
There’s a strong case to be made that as Facebook and Twitter have amassed such huge user bases we should take advantage of the fact that so many of their users are already logged in and just one click away from entering your app. I know that argument all too well, because I made it to my colleagues. We tried that experiment, and found that while there are some marginal improvements to login failure rate, they come with a price.
Do you want to NASCAR-up your login page? Do you want to have your users’ login credentials stored in a third-party service? Do you want your brand closely associated with other brands, over which you have no control? Do you want to add additional confusion about login methods on your app?
Is it worth it? Nope, it’s not to us.
Update: October 4, 2012, 11:15AM ET
Man, we’ve gotten some great comments on this post. Several people have pointed out the irony of our comment login system on this blog, and we laughed too. Yeah, we see the irony there, but I think it expands the conversation further.
Although the data and design philosophies we’ve presented here made a case for not using social login buttons on our app, we don’t want readers to take this as gospel. Some apps, as Matthew Smith deftly pointed out in the comments below, stand to gain quite a bit from them, especially if they’re targeted at individuals, not businesses as MailChimp is. Social logins also have some value on mobile, where recalling a complicated password is inconvenient, as Ed Lea and Erica Burnett mentioned in the comments. And Dorian Taylor gave us a great summary of the balancing act we all face when data and gut collide.
Blog comments, like the massive stack you see below, can be enriched by pulling conversations from Twitter and Facebook into one spot, letting people make their voice heard on many platforms quickly and easily. We’re using a WordPress plugin called Social that we developed with the fine folks at Crowd Favorite. It could not work without social logins.
Although we weren’t trying to be ironic or clever (read "stupid") by following this post with social login buttons, it accidentally steers the conversation in a new direction. When is it appropriate or inappropriate to use social login buttons? Sometimes it makes a lot of sense, and other times it’s just not worth the trade-offs. But don’t use them because they’re on every other popular app. Use them because they serve a purpose for your business and your users.
It’s convenient to see answers to big problems in black and white, but truth almost always lies in shades of grey. I think this blog post has been popular because it questions common assumptions. It’s always good to question (even the conclusions we’ve arrived at here). That’s how we learn. That’s how we make better things.
Tim
Love the post, makes a great point! Only thing that undercuts it are those two buttons right above this for blog posts. Facebook and Twitter logins! Though I’d guess blogs operate much differently in terms of UI. Thoughts?
10.02.2012
Aarron MailChimp
Yeah, it’s a valid point. We’re using a plugin on our blog called Social that we built with the folks at Crowd Favorite because we saw our blog comments heading to Facebook and Twitter. For blog comments, we’re willing to suffer the social logins so people can talk to us in the channels they’re accustomed. The blog is at the heart of our community, and communities gather in social spaces.
But logging into or signing up for the app is another use case all together. That’s where we feel like we’re giving up too much control. That’s what we’re trying to spark a conversation around with this post.
10.02.2012
Steve Fitzpatrick
I disagree with some fundamentals with this article.
First of all, if Apple gets negative press about copying Samsung’s technology, do you go and throw your iPhone in the lake?
Your statement about negative press with Twitter and FB is drawing the same long bow.
Also, this article has assumed that YOUR current login method must stay. If you want a cleaner interface and less failed login attempts then just change your login page to a Facebook login button.
In the rare occasion that people don’t have a FB account then they need to create one to log in. And saying security is an issue using FB or Twitter login – paaaaahhhhhlease! I’m sure FB is spending as much or more on their security as MC.
Next time I wouldn’t try to defend your CEO’s bad decision making.
10.02.2012
Aarron MailChimp
Hey, Steve.
Not sure the analogy of iPhone bad press lines up as it’s a personal product that’s not influencing another brand. For us, the act of associating big brands with ours in the most popular page of our app feels a little dangerous. And placing our security in the hands of companies we have no influence over is definitely dangerous.
10.02.2012
Dave
So, Steve, you’re saying I’d have to sign up for something I don’t want in order to sign into something I do want? That’s terrible UX… Glad Aarron has our backs!
10.02.2012
Priit Kallas
I agree with you Steve. I would add that if they just switched to FB/Tw login in a site that has used user/pass combo forever and get 3.4% to use it. Hmm… The other question is: how many of these 340k failed logins would start using FB/Tw in a few months. I think MC just decided f*** users our CEO has an idea and he even doesn’t need data to support it. Let the hundreds of thousands suffer.
10.03.2012
Ben MailChimp
FTR, here are other ideas I had, which our team implemented without any supporting data:
I should probably add “quit job and started company called MailChimp” to the list of non data-driven decisions. Heh.
Hell, I’ve been told that I’m on this earth due to a purely illogical decision made by my parents 30-something years ago. So I’m basically a walking, talking blob of passion and illogical-ness. Spock would f***’ing hate me. But I’d hug him anyway.
That’s not to say I avoid data-driven decisions. I’ve invested heavily in data initiatives: http://emailgenome.org/ and we’ve produced some good research from it (https://blog.mailchimp.com/tag/data-science/ and http://mailchimp.com/resources/research/), which is now driving our product development.
For sure, gut calls are no way to run a business (or so I’ve read). Which is why I’m glad I have a smart team of people who balance me out and use data to drive *most* of our everyday decisions. Gut calls (from everyone, not just me) point us in general directions but we use data and analytical thinking to get us there. I think as much as we all hate to admit it, emotion and gut calls are a big part of our everyday decision-making process. Some say we decide with emotion, then use data to explain our decisions after the fact (they didn’t provide any data to back that up, though).
10.03.2012
David Whitehouse
To be fair Priit has a point. In just a month you had 3.48% of your visitors using those buttons. That could have grown…
Seems to me that you ignored what your data and your team was telling you.
Remembering all my passwords is a pain, every single website that allows me to login with Google (gmail not apps) I do so.
10.03.2012
Kyle Faber
I agree with MC’s overall decision in the end. It’s amazing what face value can give to you and only when you dig in, you can find true causes / the root of problem / etc.
Ultimately, while the decision may upset or put-off some, I think that the decision was a sound one. It’s not saying “F-U” to the 3.48% of users – they can EASILY create a new account within MC. A service they actually want to use.
Cleaner UI trumps whiny, lazy people’s complaints any day, IMO. Keep it simple, keep it clean, and keep the service running as smoothly as it should and you will have a great brand reputation. Start relying on other services to *maybe* increase your sign up / sign in percentages and fall subject to their potential failures or changes and then you’re screwed. And have a bad rep. And have even more angry customers than if you never did it.
Sounds like the ratio of risk and reward are in favor of their deeper analysis and final decision.
Props to you, MC, for delivering such a well designed, well supported, and fun-to-use product. We love it. Keep innovating with your gut and supporting that innovation with your data. You rock.
10.03.2012
Brant Day
Great response.
The problem I see with relying too much on data is just what you’ve highlighted…lack of creativity and exploration. Data is not a decision maker, it is merely a tool which drives conversation and exploration. Data, no matter how good or reliable, is merely data. As humans we are driven by emotion, yes even those who feel they are purely “logical” beings. No such thing my friends. We are products of our culture, family, etc. Are we defined by those things? No, of course not, we have plenty of space to move in there but we are not free from them, they have their influences.
The ability to analyze data or to make instinctive decisions has always been and will always be part of life. It doesn’t mean that its the best way to make a decision but pretty much everything we have and enjoy was based off of a gut instinct, a creative exploration, some guy quitting his job to follow a dream.
10.03.2012
Danny
In our work, we don’t follow our gut enough, because most people are more comfortable with “data-backed” failure than taking a risk for a gut-driven decision even if they’re convinced of that decision.
We definitely need to take data into consideration in our decision, but we have to also understand that although the data can be objective, the interpretation of data is not.
06.10.2013
Aarron MailChimp
That’s not at all how things work at MailChimp. We have unprecedented freedom and control of our work. This article on FastCompany sums it up well: http://www.fastcompany.com/1767793/creative-cultures-mailchimp-grants-employees-permission-be-creative as does this excerpt from David Gray’s book The Connected Company: http://www.fastcompany.com/3001275/experimentation-new-planning.
We have lots of small, autonomous teams that connect and collaborate at will. We come up with tons of ideas for features and brand new projects often seeing them through to the end without having to seek permission from head honchos. As the CEO, Ben acts as a curator, not a dictator. He lets ideas flow, contributes as a peer, and goes out of his way to foster big ideas that have great potential. On rare occasions he does step in to redirect when ideas go astray of the grand vision for the company and products. But when he does ask us to rethink our direction, he does it with respect.
If Ben were tone deaf to our customers you wouldn’t find him personally responding to them here on our blog, Twitter, Facebook and meeting them in person every day.
People are passionate about MailChimp (http://www.flickr.com/photos/freddievonchimp/sets/72157626181753742/) because they can see that everyone designing, building, and supporting it put their hearts into their work. That doesn’t happen when you have leadership that doesn’t care about the individuals in the team or the customers they serve.
10.04.2012
H.
When someone has facebook login exclusively on their site/app, I refuse to use it. I know I am not alone in this too. I don’t want every single thing I do linked to facebook. I also know a number of people who don’t have/deleted their facebook. Do they just have to get screwed, then?
10.05.2012
BenBrocka
I think it depends a lot on use more than any absolute what’s better. As you said in the comments here, social actions like blog comments make more sense tied to Twitter or Facebook. Lots of other services that are social rather than pure-business/functional need social logins for other reasons. But as long as you keep your login simple (email, password, nothing else please) I’m fine without social logins for many apps.
Also, I trust Twitter and Facebook’s security more than 98% of businesses out there. I trust Google’s more than 99%. In most cases, security being in someone else’s hands is a feature. I trust Twitter isn’t storing my password in plaintext. When I’m signing up for a new site I rarely have any form of trust (hence I often don’t sign up).
It may be that more people try and hack Google and I have more to lose if Google gets hacked, but Google is one of precious few companies I trust to know what they’re doing. LinkedIn? No. Sony? No. If I can’t trust them, why would I trust a site I just heard of and wants my credentials? Unless I have good reason to believe your company really has its stuff together for security, I’d trust them a lot more than you as a random website.
Great info about exposing whether a username is correct or not though; I’ve been trying to argue that hiding that info is just a pain and not a real security problem for a while. Good to know your testing backs that up too.
10.02.2012
baronvonrolo
The only reason I’m bothering to post this, is because I was able to login with Twitter, which should put you in good stead for understanding my opinions here.
I value the security of my list and thus have a crazy strong MC password that can take me a few tries. The remember me button just doesn’t seem to work (yes, I’ve tried different browsers, clearing cookies, sacrificing a chicken at midnight over the full moon etc… – still didn’t work). Having those social media login buttons on there require me to only remember Facebook’s crazy complicated password and have access to the other useful apps that are associated with that account – Facebook’s remember me button works – almost a little too well at times.
I find the security issues you’ve mentioned to be trivial – it’s Facebook, surely they’ve got a much larger team, nay, legion, of security experts than Mailchimp? If not just because of the sheer world-wide outrage a proper Facebook security breach would cause.
I find saying “too many confusing login options” to be a little patronising too. You honestly believe that a Username and Password box increases in complexity that much if it has a Facebook and a Twitter logo underneath it? My goodness, how will we solve this impossible Rubik’s cube that is 2 extra buttons visible on a large portion of the other sites I visit?
What you call “too many confusing login options”, I call ‘choice’.
Hells, why don’t subway just start selling ‘A Sandwich’, that’s just cheese and ham with lettuce. After all, all of Subways’ sandwich options are too confusing for the discerning sandwich consumer.
I just can’t help but feel, that I’ve been screwed out some rather useful login options, just because someone at MailChimp doesn’t like the way it looks. This blog basically says “we don’t want Facebook and Twitter’s logo ruining what our site looks like”.
In future, if you plan to do this, please have this discussion of how it’ll make you look first, so we users don’t end up getting a new feature, only to have it taken away, with some pretty spurious arguments as backup.
10.02.2012
David Hickox
Social logins are great entry options. They allow you to try out a service without the burden of creating yet another account to remember. But on return, they create even more confusion– is my account through Facebook on this one or my email address? I’ve found that social logins compound the frustration of trying to remember how to access your information.
I also think it’s pretty humorous that the first options in this comments area are “sign in with Twitter” and “sign in with Facebook.”
10.02.2012
Caroline
So, if social media logins don’t work for MailChimp, then why do you have them to login to post? Really doesn’t jive well with the validity of your stance. And just so your UX team knows, I did not use them to login now!
10.02.2012
Aarron MailChimp
The irony is not lost on us, Caroline, but see my comment above for an explanation.
10.02.2012
Sebastien
Very good article. It shows that we have to really dig into numbers to analyze them better.
More important is at the end what is the objective of the page and the values of the brand.
10.02.2012
Sylvia
Love the post. As you know, it can make a person (me) crazy trying to remember the combinations of usernames and pass codes! Thanks
10.02.2012
Tom Petryshen
Great analytical approach to uncovering the true issue behind the drop in failures.
The other factor with many plug-ins that most publishers fail to realise is that the plug-ins are leaching your user data and selling it to anyone wanting to buy it.
10.02.2012
Robert Archer Hobson IV
Is it worth it? nope, its not to us. Log-in with facebook to comment, hahaha… love it.
10.02.2012
Lora
Perhaps this isn’t the best example. On a site where you’re logging in as a person, sure, but unless you’re using MailChimp to manage your personal email newsletter (which seems a little unnecessary) you’re probably doing it with some sort of business function, meaning unless your business is tied to your personal Facebook account, you wouldn’t use that to log in. Maybe I’m in a small percentage here, but I treat MC as a business tool, not one I want linked with my personal online doings. I have other staff that back up for me when I’m away, and I wouldn’t want them to have to use my social media login to get into MC. I would say this was a poorly thought out feature-add, so your assertions that the buttons are “not worth it” is specific to this case, not universal.
10.02.2012
Aarron MailChimp
You bring up good points, Lora. There’s a disconnect when social logins are used on business-focused apps. What we’re presenting here is our findings and making a case that for us, it’s not the best route. We want to spark discussion on why we (the people of the interwebs) use these tools and question if it’s worthwhile. Some will find that it is (say, Pinterest for example). But it’s healthy to question it and know that there’s a price to be paid.
10.02.2012
Matt
In my personal opinion the signing in with Facebook is a terrible way for a user to sign up for an account. Forcing a user to sign up to a different service to access yours is just idiotic, and not customer focused. That means before signing up to your service, I have to read the Terms & Service and Privacy Policies for that of a product I do not want or need. Not something anyone would want to read through.
This blog post picks up on the great points on the storing of information, what happens when a user deletes their social network account etc, all valid points. I hope more sites start weighing up the pros and cons and get rid of them. (Look at Spotify as an example too, their forum was flooded with angry people, they have reverted back to allowing email address sign up now as well as Facebook, but still, proof that the sign in with Facebook is not a foolproof way to access an app).
On a last note, if I hear one more person say ‘it’s Facebook, their security has got to be great” I’m going to scream, the internet is not foolproof, hell even the FBI is not foolproof in terms of security, as a user I want full control over my information with the company I have shared it with. If you wanted your details deleting you would have to contact MC and Facebook, and let’s face it, Facebook are not too fond of deleting user data.
10.02.2012
mikeschinkel
“Forcing a user to sign up to a different service to access yours is just idiotic” Did Aaron or anyone else discuss forcing Facebook or Twitter to get to MailChimp? I only read them being referred to as an optional method of logging in. Seems like that concern is just a strawman in this thread…
10.02.2012
Ben MailChimp
Right, new users were never allowed or prompted to create a MailChimp account with social credentials. You always had to set up an account w/the usual username+password, then we gave the option later to sign in w/social network credentials.
10.03.2012
Matt
My point there was included in view of the general argument for and against them, not just MC’s involvement, although MC have never removed the ability to sign up with a normal email address, some companies have and have relied on the Facebook and Twitter sign in options. That’s why I stated it in my post.
I didn’t realise however that users were not given the option to create an account in the first instance with social network credentials, having already had a MC account I only ever saw the login screen that is shown in the post, so apologies for assuming you could do this, my error. Looking at the bigger picture in play here though, my point still stands for those companies who do allow users to sign up in that way.
10.03.2012
mikeschinkel
Sad to hear it, that’s a big step backward for me.
I’m always relieved when I see a “login with Twitter” button because it makes it so much easier for me. Want to hear irony? I logged into this blog using the Twitter button, so easy!
Maybe the solution is not to disable it but make it visually more appealing? Of course that might run afoul of Twitter and Facebook’s guidelines….
10.02.2012
Chris Johnson
But there is a reverse perception: you guys have built a BRAND. Best brand in email marketing. MailChimp has real, live brand equity everywhere and can get away with it. For some smaller apps, having FB/Twitter logins is like saying “see, you don’t have to trust us, you can trust Twitter instead.” It’s a valid, intentional choice.
10.02.2012
millsjef
What percentage of new users used social login vs native login vs existing users? BTW, I used the login with twitter button to comment.
10.02.2012
temafrank
My reluctance to sign in to anything using Facebook is that it often ends up posting things on my page about where I’ve been/what I’ve been reading. I’ll share that info if and when I choose to. So far Twitter doesn’t seem to do that (but if they ever start, I’ll stop using it to sign in to other services too.)
10.02.2012
Aarron MailChimp
+1
10.03.2012
joshkerr
Meanwhile at the end of the post there are social login buttons to sign in and leave a comment.
10.02.2012
Jason
Excellent article, but I think that your User Experience team should examine one more aspect of your site related to the login: each time when I’m logged in and for some reason open mailchimp in a new tab – guess what? The homepage doesn’t indicate in any way that I’m already logged in on the site. Just a small link to my profile will be enough. But now users have to click on the login button again and again and… This is a little bit frustrating and maybe that’s why the site has so many failed login attempts.
10.02.2012
JohnM
Now if Mailchimp can just remove all the Retweet garbage posts from being visible on your blog page, your customers could once again have meaningful, interactive discussions!
Comments with “RT:” in them are not useful, ever. At best, they’re a clumsy technology solution to the notion of conversation the twitterverse, and in most cases, are simply people trying to drive traffic to their own content. In no case are they useful for other Mailchimp customers to read, and have turned this once useful blog comment area into a mess that I seldom bother to scan any more.
10.02.2012
Kareem
What do you guys use username to log in? There’s no identity aspect of Mailchimp – seems like you could simplify the experience a lot by using email address instead of username.
10.02.2012
Aarron MailChimp
We debated that internally too. But we have a bunch of customers that have more than one account. If email is the unique identifier for a user, we’d create a tricky situation for some folks.
10.03.2012
PJ Brunet
Sadly, the end of your article has two buttons: “Sign in with Twitter” and “Sign in with Facebook”
The horror!
10.02.2012
Dave
I would like to know how you measured this “The marginal gains in login rate are chipped away by the additional cognitive load you’re adding for your users” Additional Cognitive load? Whats the metric? Hesitation to click? Hesitation to submit login? Form Engagement stats before and after? I saw the test the day it rolled out, said to my work mate. Looks like MC are giving some extra options on the login Screen. #Greatjob.. Having them there is not a distraction and it looks like some mild fuzzy thinking going on here..
10.02.2012
Aarron MailChimp
I don’t have a stat on time to login with and without the social login buttons. But when three choices are present instead of one, there’s more work the brain must do to take action. “Did I log in with Twitter, Facebook, or a username and password from MailChimp?” It adds millisecond delays across millions of users.
10.03.2012
ginarau
Full disclosure: I work for Janrain, a provider of social login technology, along with other solutions.
In our experience, social login is 5X faster than registering with a traditional registration form, especially when implemented in the optimal fashion where the site is pre-populating data fields pulled from the user’s profile. Since most social providers pass along a verified email address, there’s no email validation required, which is another registration hassle for users.
10.03.2012
Kalail
Good points. Question. How do you feel about using something like Mozilla Persona for logins?
10.02.2012
Aarron MailChimp
It looks promising. We love the experimentation that’s happening around login attempting to preserve security and improve usability.
10.03.2012
peter chon
I think people reading opinions like these and immediately implementing them without due diligence is the problem. I mean look at all the sheep retweeting this post! half of em probably didn’t even read the entire post!
You mentioned early in your writing that you read somewhere that social login helped, so you tried it – how is this different than someone reading your post and automatically ditching their social login button?
Instead of your misleading headline about social login not working, it should say “DO SOME RESEARCH ON YOUR OWN.”
10.02.2012
jive
Other than to plaster status or tweets, I don’t see the benefit of social media logins other than to make it easy and not have to remember an important login.
10.02.2012
johnhenrymuller
“The marginal gains in login rate are chipped away by the additional cognitive load you’re adding for your users.”
^ I like this.
(in a non-Facebook-button sort-of-way, of course)
10.02.2012
Dorian Taylor
I used to work at a (now defunct) federated identity provider (way back in 2005 when nobody knew what that was), so I view these topics with great interest.
I like the NASCAR allusion. There’s a Schneierism where he says something like there’s no technical reason why we can’t all just carry around one card for debit, credit, customer loyalty and everything else, but it’s the brand marketing interests of the issuing entities themselves that stuff our wallets full of plastic. Granted this example is chiral to yours, but the same motivation is at play: having your users log in with a third party is an opportunity for that third party to market to your users.
Mr. Chestnut has a point: From what I can tell, at MailChimp it’s important that your relationship with your users is between them and you, not them and you and Facebook or Twitter. And that’s not just a naïvely self-interested perspective either, but a much subtler one: it’s disingenuous to coerce users into a relationship with a third party because it’s convenient for you—users can smell it. As the hangover of Web 2.0 finally subsides, abstaining from hauling in every widget provider under the sun will become increasingly important.
That isn’t to say interacting with identity providers is an entirely bad idea, though. Most of the value proposition we were focusing on back in 2005 was to do with signing up to sites, not logging in. Filling out forms is a royal pain, and if it’s possible to abridge the process by, say, sponging it from Facebook (assuming they even allow you to these days), then exploring that could be worthwhile.
Though I wager your users largely sign up because they have a job to do, and once they do they stay put, i.e. logging in from the same machine at work. As such, something that might be of interest is WebID. It’s essentially SSL client certificates plus semantic web data. Totally whitelabel, no passwords. You mint your own certificate authority and then issue certificates to your users who save them into their browsers and never have to use a password on their MailChimp (or other RSG properties) again.
10.02.2012
Ben MailChimp
I’d consider adding “Like” buttons to comments just so I can like this one. Of course, then I’d probably ask Aarron to remove those Like buttons later, but still. :-)
10.02.2012
Dorian Taylor
Thanks, Ben.
Like I said, federated ID is indeed great for lowering the barrier to signing up, and I think web-based companies are in a great position to innovate around authentication methods more elegant than passwords. That the human solution of better communication won out, though, is a lesson that more technically-oriented organizations could learn from.
10.03.2012
Matthew Dolman
My problem with social logins is that I get confused about how they work across different sites. Some supplement them onto a standard account, some create new accounts, then as you say sometimes you have to remember which one you used.
I love the idea of social login, loads of different passwords on different sites is a nightmare, but the implementation seems so scattered people get paralysed by the confusion.
10.02.2012
Aleksander Balicki
I would want to know the percent of people that initially forgot their passwords and then started logging in thru social buttons. If the percent of these people is significantly correlated (more than 3,4% of people who are forgetful use social buttons) I would leave the option available. It would be more comfortable for the forgetful ones. No idea how the clutter on the main page changes the picture though.
10.02.2012
Jon Stahl
Sounds like you need Mozilla Persona. https://login.persona.org/
10.02.2012
Noah Hayes
I’ll just sign into facebook and leave this here.
10.02.2012
Matt Watson
What about making a sign in with button that hides the NASCAR look but makes it available? Too bad more people don’t use it. Maybe Mozilla Persona is the answer.
10.02.2012
jakechance
You bring up the security issue with third party logins but from the other side, which I’ve rarely seen. Google, Facebook, Twitter and other OAuth 2.0 providers have much better security than you or I could ever hope to create. We’ll obviously salt and hash passwords but we don’t have teams dedicated to security (or if we do, not with as much money as those bigger players). The constant argument from many influential people in software is that we need fewer logins as it cuts down on password and username reuse, potential for hacks, and so many sites with so many forms of security (most of it bad).
I prefer to use my twitter credentials to log in to most services. To be honest, I use twitter as a very convenient OAuth solution 99% more than I even tweet.
10.02.2012
Jim Nicholson
1) you had a bad UI design,
2) you fixed it,
3) you also simplified login by adding social network links,
4) your CEO objected because the buttons were too big,
5) then you deliberately made it harder for me to use your product by taking the buttons away,
6) then you wrote a blog post essentially arguing that social network login APIs are worthless because your CEO doesn’t like big buttons.
How about replacing the buttons with smaller ones, below the main login? How about replacing your CEO with someone who understands the web?
10.02.2012
Aarron MailChimp
I think you’re missing the point of the post Jim. Though Ben started the conversation about removing the login buttons, our data showed it was the right decision.
10.03.2012
Jason
With databases of 100M+ username/password pairs floating around the internet why on Earth would you want to make it that much easier for someone to bang away trying multiple un/pw combinations? If everyone used unique passwords, great. But they don’t. I would far rather use 2-factor authentication with Google or Microsoft or other company with a _huge_ security team than trust a small company who doesn’t specialize in such things.
10.02.2012
Aarron MailChimp
None of the changes we’ve made to our login system are making it more prone to attack. We split error handling, refined some copy and dropped login failure dramatically.
And two-factor authentication, yeah, we like that too: https://alteregoapp.com/
10.03.2012
Sid
Thanks for the article- agree with it. From our analysis they are really unused and the qualitative analysis is that users do not in particular like blurring the line of their “personal” social uses and business use.
10.02.2012
Lydia
Wow, I’m so glad finally to hear/read someone smart say that giving away username is not a real security risk, and it’s a major usability advantage. Ever since I first heard that perceived security risk in the ’90s at MIT it made no sense to me. Awesome.
10.02.2012
Ville Laurikari
Social login buttons don’t make a lot of sense in apps with mostly business users, such as MailChimp.
We use MailChimp for business. I don’t want my personal Facebook or Twitter accounts to have anything to do with our MailChimp account.
If anything, I’d like MailChimp to implement two-factor authentication (with Google Authenticator, please). It makes me nervous to keep access to hundreds of thousands of email addresses critical to our business behind just a password.
10.03.2012
Ben MailChimp
Thank you for your comment. I love social for sharing, and even for user auth in some instances (ahem, blog commenting). This is why we’ve integrated MailChimp so heavily with social networks (http://mailchimp.com/social) and why we made a commenting system called “Social” ( http://blog.mailchimp.com/introducing-social-a-wordpress-plugin/ )
You probably already know we’ve built a 2-factor solution for MailChimp (http://blog.mailchimp.com/tag/alterego/), but wanted to let you know we’ve been considering making it compatible with Google Authenticator too.
10.03.2012
Marc
Really interesting post! I’m glad you think this way too.
I actually wrote an article about exactly that a few days ago, giving the facebook connect example and asking “You have to evaluate if it’s worth the risk of delegating a part of your system to another company”
This is quite a coincidence!
The post is here if you’re interested: http://marcgg.com/2012/09/24/working-with-apis-facebook/
10.03.2012
madebygregg
Interesting article, Marc. Thanks for sharing it.
10.03.2012
Hamish Goodwin
I would like to see a couple of numbers for interest’s sake:
– The percentage of users that cause the failed logins (eg is it 5,10,20% etc of users that cause 80% of failed logins?)
– The number of those failed logins that actually resulted in the user not gaining access in that session (ie they had actually forgotten and either resorted to the password reset or gave up, or was it a typo they they then corrected)
– The number of users who regularly forget their passwords (ie, users with a low mean time between service denial due to auth failure)
My favourite solution to all this comes via XKCD: http://xkcd.com/936/
10.03.2012
Anthony Bliss
I think you need to look at it from a different perspective, if you are pushing your users to sign up with social login buttons, then (personally speaking) if It will benefit them in the long run, they will find it easier to do, and it is only those users who find the social login buttons useful on your login pages.
I am wary of what information you can take from me when signing in with basic permissions with a social network, so if you are only asking for basic information such as my Name and a website address (where a link may be useful for a backlink) then I will choose the route where I give up less information. Like right now for posting a comment, I am not going to divulge all of my information
10.03.2012
Mark
“April 12 to May 12, 2012, we had 340,591 failed login attempts”
“From June 12-July 12 we saw 114,239 login failures—that’s a 66% decrease.”
“I was shocked to see that just 3.4% of the people that visited the login page actually used Facebook or Twitter to log in”
“Even a 3.4% drop in failures is worth having them there, right?”
You haven’t told us the total number of login attempts – if you were getting tens of millions of overall logins, a 3.4% social login usage rate *could* have contributed entirely to the absolute reduction in failures.
10.03.2012
Aarron MailChimp
True, 3.4% of millions of page views is a decent number of folks, but not all of those logins via a social OAuth would have resulted in a login failure had they tried to log in with MailChimp credentials. So you get a subset of a subset decreasing login failures.
I’m a user experience designer, and I want to do anything to make our apps more usable and enjoyable. But sometimes one’s attempts to make things usable come at a cost. You have to weigh the pros and cons, and not always by looking at numbers, to decide what *really* makes a product better. Numbers informed our decision, but so did our gut.
10.03.2012
Oscar Goldman
“Social login buttons put security in someone else’s hands”
Exactly. And that’s even more true in the case of this idiotic practice: http://goldmanosi.blogspot.com/2012/06/forcing-people-to-use-e-mail-address-as.html
10.03.2012
wordsearch
these ambiguous error messages are built in “features” for asp.net membership provider unfortunately
10.03.2012
Savage
There is a basic fact that this article missed: Facebook and social media logins are early days. They’re the future because they make SO much sense. You can eliminate username/password/security questions/email double optin, etc because Facebook takes the validation process more seriously than you do. If you’re losing customers because they don’t want to supply yet another password, then business sense dictates simplification via social login.
To say you ditched them because there was only 3% uptake, I understand that kind of number crunching, but I do hope you’ve made space to reconsider when they really kick in.
10.03.2012
Aarron MailChimp
Actually, Facebook Connect has been around since 2008 (http://developers.facebook.com/blog/post/2008/05/09/announcing-facebook-connect/). Four years in internet time is an eternity. We think the social peak is behind us, but that’s not why we made the change. Research, cost-benefit analysis, and an old-fashioned gut check helped us make our decision.
10.03.2012
David Whitehouse
Sounds to me as though your CEO laid down the law, and was most likely wrong, but then forced you to write this post.
Personally I would use a Google sign-in instead of the MailChimp one – I probably wouldn’t use Twitter or Facebook though.
10.03.2012
Ben MailChimp
Ha. I most certainly didn’t ask Aarron to write this. In fact, if I had known it would result in me moderating comments at 5am, I might’ve asked him *not* to write this. Great googly moogly. :-)
I know it’s not the same thing, but in case it’s useful to you, users of Google Apps can get into MailChimp via one-click sign in.
10.03.2012
David Whitehouse
Yeah unfortunately I’m normally logged in with a gmail account.
Interestingly – did you guys not split test this at all?
Also – I started using the MailChimp two step authentication a while back but it was too much hassle for me – I do use two step authentication for Google (and I use Google’s authenticator for DropBox too).
10.03.2012
Aarron MailChimp
Actually, when I wrote this I thought, “Oh man, Ben’s probably not going to like me sharing his email in this post.” But to his credit, he was willing to be transparent to share what we’d learned.
Part of the reason I wanted to share this story, is that we don’t always get things right out of the gate (no one does), but we *always* learn from our experiences. I know I appreciate hearing others share their lessons learned. Just wanted to return the favor and make others consider their approach to the challenges of login.
10.03.2012
David Whitehouse
You are right though, not knowing whether your username OR your password IS a pain.
10.03.2012
David Whitehouse
I perhaps didn’t read this correctly at the start, so you implemented the change in username/password error messages at the same time as the social login buttons?
10.03.2012
Aarron MailChimp
That’s right. And at first glance of our stats we thought the plummet in login failures was tied to social login buttons, but it was really caused by better messaging and error handling.
10.03.2012
David Whitehouse
Right, I get it now, sorry. I think the order the post is written makes that less clear – perhaps why some people have got the wrong end of the stick.
Good post, my apologies :)
10.03.2012
Vikram
Imagine a scenario where facebook or twitter gets banned in a country. The possibility of this happening is very real. Imagine that country contributes a large chunk of your user base. Scary!!!
For a company like mailchimp offering a business critical service login via facebook or twitter does not make sense. For trivial pursuits (including news websites) facebook/ twitter login still rules.
10.03.2012
Aarron MailChimp
Amen, Vikram.
10.03.2012
Ludovic Urbain
Saying whether password or username is wrong IS a huge security risk. x% of users have very weak passwords, if you have a user list it’s trivial to log in.
Furthermore, you should have removed your own login, not facebook or twitter.
That’s the pollution and the clutter.
Nobody wants to login to your site and everyone would rather log in to one single account, make it so and quit waving your UX noobness around.
And lastly, if you think you’ll do a better job at security, you’re forgetting that any failure will be the death of you, whereas a facebook failure would at most push you to add another option.
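The thread above splits on whether telling the user which half of the login was wrong is a security problem (Jason and Ludovic say yes, Lydia says no). To make the disagreement concrete, here is an added example written for this page; it is not MailChimp's code, not the post's, and not any commenter's. It shows a login handler that splits the error, the same handler with a single generic message plus a dummy hash so unknown accounts cost the same to check as known ones, and the wordlist probe that distinguishes the two. The user names, passwords and PBKDF2 work factor are constructed for the demo.

```python
import hashlib
import hmac
import os

# PBKDF2-HMAC-SHA256 work factor. Kept low so the demo runs quickly; a real
# deployment tunes this much higher. (Constructed value, not from the post.)
ITERATIONS = 20_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_store(plain_users: dict) -> dict:
    """Build a username -> (salt, hash) table from constructed sample accounts."""
    store = {}
    for name, password in plain_users.items():
        salt = os.urandom(16)
        store[name] = (salt, hash_password(password, salt))
    return store


# Constructed sample users for the demo (not real accounts).
USERS = make_store({"alice": "correct horse battery staple", "bob": "hunter2"})

# A dummy credential verified whenever the username is unknown, so the
# unknown-user path does exactly as much hashing as the known-user path.
DUMMY_SALT = os.urandom(16)
DUMMY_HASH = hash_password("not-a-real-password", DUMMY_SALT)

SPLIT_UNKNOWN_USER = "unknown username"
SPLIT_WRONG_PASSWORD = "wrong password"
GENERIC_FAILURE = "invalid username or password"


def login_split_errors(store: dict, username: str, password: str):
    """The 'before' handler: a different message for each failure, and no
    hashing at all for unknown users. Both the text and the response time
    tell a caller whether the account exists."""
    if username not in store:
        return False, SPLIT_UNKNOWN_USER
    salt, digest = store[username]
    if hmac.compare_digest(hash_password(password, salt), digest):
        return True, "ok"
    return False, SPLIT_WRONG_PASSWORD


def login_generic(store: dict, username: str, password: str):
    """The hardened handler: one failure message, and a PBKDF2 computation on
    every call. The `username in store` check is essential: without it, a
    caller who guessed the dummy password would be 'logged in' as a
    non-existent user."""
    salt, digest = store.get(username, (DUMMY_SALT, DUMMY_HASH))
    matched = hmac.compare_digest(hash_password(password, salt), digest)
    if matched and username in store:
        return True, "ok"
    return False, GENERIC_FAILURE


def enumerate_usernames(login, store: dict, candidates) -> set:
    """What a wordlist probe learns from a handler: every candidate whose
    failure message differs from the unknown-user message is a confirmed
    account. Against the generic handler the set is always empty."""
    _, unknown_msg = login(store, "\x00no-such-user\x00", "probe-password")
    return {name for name in candidates
            if login(store, name, "probe-password")[1] != unknown_msg}


if __name__ == "__main__":
    wordlist = ["alice", "bob", "carol", "dave"]
    print("split errors confirm:", sorted(enumerate_usernames(login_split_errors, USERS, wordlist)))
    print("generic error confirms:", sorted(enumerate_usernames(login_generic, USERS, wordlist)))
```

The message is only half of the leak: if the generic handler returned early for unknown users it would still answer measurably faster than for known ones, which is why the dummy hash is verified on that path too. Rate limiting and lockout, the other controls that make a wordlist probe expensive, are outside this example.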
10.03.2012
Gary
From my experience, there is a lot of mistrust regarding using a third party login such as FB or Twitter. Users don’t have a good understanding what data will be shared with the third party login system E.g. will tweets suddenly start to be published on my account by MailChimp because I’ve logged in to MailChimp with Twitter etc.
I think removing the FB and Twitter login buttons is better for MailChimp from a user trust perspective.
10.03.2012
ed_lea
A lot of services I sign up for are on mobile these days. In that context I prefer to sign up via twitter or facebook as I just press a couple of buttons as I’m already authenticated on my mobile device. I prefer that to having to type in my email / password etc on a mobile phone.
10.03.2012
Gaz
I personally love the option to login via twitter or google. I’m fed up of visiting sites and having to register. Those buttons, for me, aren’t to help me login but to bypass registration so I can just access the site.
10.03.2012
John Durso
This article is great for sign in problems, but I’m curious if you have any data on conversion for signing up for a service in the first place. For me, not having to create a new username/password vs. other services knowing more about me is a toss up, but I wonder what the stats say.
10.03.2012
Solme Kim
Do you want to NASCAR-up your login page?
–Not sure why adding FB or Twitter login would be ‘NASCAR-ing’ up my page. That’s strategically handled with good UX/UI.
Do you want to have your users’ login credentials stored in a third-party service?
–Um. No. But, that’s not how it works. All your usernames/passwords in your DB are stored with you. Data flow is a one way street…from social networks to you. You aren’t sharing anything with them…especially your un/pw data. Are you crazy?
Do you want your brand closely associated with other brands, over which you have no control?
–It’s a form of single sign on and pretty standard now. Also, you guys didn’t mention the plethora of social profile data and plugins you gain with this integration. This data is used to provide the most relevant, best customer experience possible across the site. You’re only leveraging the login piece. Dynamic emails, which friends use mailchimp, Fab.com’s feed page, chat service, ratings…list goes on and on.
Do you want to add additional confusion about login methods on your app?
–How is it more confusing? You just press a button & you are logged in.
10.03.2012
Eric MailChimp
Hey Solme, solid point about our users’ login credentials not being stored in a third-party service; the only shared data are the shared secrets to create authorization tokens. However, access to the social network then grants access to the MailChimp account and that lessens the security of the MailChimp account, simply based on an additional trusted point-of-entry.
10.03.2012
Ryan Beard
Am I the only one to see the irony in an article that condones the use of social login buttons yet still has them as a sign in option on the comments box!?
10.03.2012
Chuck
Nope, you’re not. If you read the first few comments, you’ll see it was dealt with straight away,
10.03.2012
Armin Jalili
So why do they still exist in the comment section? :D
10.03.2012
ginarau
Aaron –
While it certainly appears that you went through the due diligence in pulling data to support your decision, I want to point out a few facts that may have been overlooked (full disclosure: I work for Janrain, the leading provider of social login SaaS technology).
In consumer research, 90% of people admit to leaving a website if they have forgotten their password. Now, yours is the type of site that people who use your service need to access their account to conduct business, so they’re unlikely to leave, but this figure illustrates the frustration of the forgotten password dilemma. Of these consumers surveyed, 77% said they would prefer to have social login offered.
In another study, 38% of adults say that it’d be easier to solve world peace than to remember their passwords.
I would suggest that perhaps the right identity providers weren’t offered in your social login choices. For a service and site like MC, our digital strategists would have recommended Google, Yahoo!, MSN or LinkedIn since these are likely the email providers your customers are using already on your site. Many of our B2B customers see site visitors choose these providers over Facebook.
10.03.2012
Aarron MailChimp
We see a pretty low bounce rate on our login page. There’s no compelling evidence that we’ve seen in our analytics suggesting that people are leaving due to a forgotten password.
I’d be curious to know if the survey you’re citing asked questions like “How often do you forget what social platform you used to sign up for a service?”, “Do you know what permissions you grant third-parties when you sign up with a social platform?”, “Do you use a password management application like 1Password?”, “Has your Facebook or Twitter account ever been hacked?”. My point here is that users may say they prefer to use a social login button, but that doesn’t translate to them actually using them (at least in our case), and it doesn’t mean they understand the implications of using them.
10.04.2012
Glenn C. Breslauer
I applaud Ben for this decision. It takes *guts* to defend your brand, and gut instincts to make that decision. Steve Jobs always said that users don’t always know what they want, so we make things that we love. Being the perfectionist that he was, his eye was the toughest on the end product. I imagine Ben saying, “This is not what I want for our brand, and I would not want to log in this way, so it must change.” Kudos to Ben for being a decision making leader of a really awesome brand & company. This is why we love MailChimp so much.
10.03.2012
Erica
Not that this best applies to Mail Chimp, but I think this also becomes a different discussion when you consider mobile. Now that Facebook and Twitter are becoming more integrated with mobile OS, and given that typing on a phone is more cumbersome, one might weigh their options and choose to use a social login or account creation here.
FWIW, I personally never use social logins because I don’t want to worry about what’s being shared without my consent. I really dislike when services force me to use FB to sign in. And, I do agree that having all those options together can lead to a cluttered UI at best. I think you guys made a good decision. Makes sense to me!
10.03.2012
Ben MailChimp
Agreed. For mobile, we’re going the route of native apps that don’t require login at all. Upon initial setup, they don’t even require un+pwd (most of our mobile apps just let you scan a QR code version of a long API key). Initially, we did go the mobile web route with some of our apps (like AlterEgo), and you’re absolutely right: the login part sucked on mobile.
10.03.2012
James Wenzel
I couldn’t agree more with this train of thought. I have trouble remembering if I signed up for an account using the site’s authentication, facebook, twitter or google, and almost always just open a new account. Great post!
However I noticed you still allow third party login for your comments ;).
10.03.2012
Les
Ha ha ha…
You go on about ditching the buttons which is the correct thing to do if it ain’t working however you’ve got them on your blog to verify comments!!
Just for the record, I too do not use social media buttons, as you can see yourself!!
10.03.2012
Tiago
My suggestion: when a user mistakes their username/password, offer them LastPass – if everybody adopts it, your login failure rate will be zero.
10.03.2012
Ben MailChimp
Inside our app, where you can change your password, we have a button to help you generate a very strong one. When we do that, we make a non-specific reference to “password managers like…” to minimize problems.
Interesting idea to recommend it in login errors!
10.03.2012
James
good article. I’d also say I’m put off from logging in via Facebook or Twitter due to some (unfounded??) paranoia that my activity on the site will be automatically posted to my FB timeline, or Tweeted. I’m more and more conscious of my friends getting sick and tired of “James just posted some cool design to Pinterest” type of posts…
I know I can go in and tweak settings so this doesn’t happen, but the amount of time I spend doing this does my head in!
10.03.2012
Johan Jenefeldt
Thanks for a great post, but haven’t you thought about how having red(ish) text right next to a form might indicate that something is wrong? When I first saw the login page I thought that something was wrong with my username or password.
10.03.2012
Basti
I like how I can log in with twitter or facebook for the comment section.
10.03.2012
Tiago
This is a completely different scenario, where the purpose is to integrate and allow comments from different platforms.
10.03.2012
Chris
As a matter of practical interest, what will happen to those people with Twitter or Facebook logins when you remove the buttons?
10.03.2012
Aarron MailChimp
Anyone that used Twitter or Facebook to log in to MailChimp in the past now just uses their MailChimp username and password.
10.03.2012
David Glass
3.4% is pretty negligible but, did you compare how many new members were registering with the social media vs standard login? That percentage could have dropped drastically over time as your userbase through social media grew. It might be you just didn’t give it much time.
10.03.2012
Ben MailChimp
One thing we didn’t make obvious in this post is that you never could actually create a new MailChimp account with your social network credentials. You always had to provide username and password (plus more). Email marketing can be abused, so email service providers tend to require a bit more info to help us vet than other apps might require. After account creation, we provided the “login with social” option as a convenient alternative.
10.03.2012
tommoor
Interesting article, and great to see such a measured approach. I have to agree with Ben – the page with the social signin options is significantly uglier in this case.
I wrote about our experience with social signin at Buffer here:
http://blog.tommoor.com/post/30172542232/sign-up-or-sign-in-does-it-even-matter
I think the key difference that you didn’t mention is that social signin makes a lot more sense for inherently social websites.
10.03.2012
Ben MailChimp
That’s a great post. Thanks. And I agree, if you’re running an app that’s inherently social, using social login is probably good for business from a usability *and* branding standpoint.
10.03.2012
josealbis
Agree with you. As per mine below.
10.03.2012
AndrewHansen
Depending on the geography of your users, this can be the right or wrong decision. If you are operating a local site, social login options will be used far more often than for a global service like Mailchimp.
10.03.2012
Kevin Kurbs
Extremely well written and a very good point– one I wouldn’t actually have thought of. I agree that too many buttons can be a confusing cluster, but I think in the end, simply modifying the error message is a solution that should be implemented across the board.
10.03.2012
mmj
If the social login buttons are so bad, why do you have them for people commenting on your blog?
10.03.2012
Aarron MailChimp
See the top of this comment thread for the answer.
10.04.2012
Mike Freeman
I like how I posted this comment by signing in with my facebook account.
10.03.2012
damu
I always prefer login with twitter or facebook. I don’t care if they get hacked and lose some personal info. I just want ease!
10.03.2012
Aditya Nayak
How ironic that just after the post, you have social login buttons for comments. :)
10.03.2012
Aarron MailChimp
Yup, we know and responded to that right at the top of the comment thread.
10.04.2012
angel
sign in with twitter | sign in with facebook … anyway, i think social buttons can be useful in some cases, but not worthy for every login page. as i say: the right way for the right project.
don’t you think so? btw great post
10.04.2012
lukemiler
Great case Aarron, thanks for writing and sharing this.
10.04.2012
Craig Swerdloff
Really interesting post for a number of reasons. First, I find Ben’s leadership on this issue to be admirable. He sounds like the kind of passionate CEO that everyone wants to work for. Second, the analytical approach taken to evaluate the problem, and potential solutions is part of what sets MailChimp apart. On a side note, I did find it funny that after reading the post, I was asked to login to comment, and presented with “Sign in with Twitter” or “Sign in with Facebook” options. They were more inconspicuous at the bottom of a blog post however. :-)
10.04.2012
Simple Scott
A few points to add.
1) The method of social login for new services versus legacy applications may yield slightly different results,
2) Testing both social logins might be excessive. If you have a twitter account you likely have a FB account. If you want to reduce elements on a page choose a single social login rather than both.
3) I do agree with value of feedback for the user to enhance the user experience, but can’t there be a way to help a person through the social login experience?
4) I’m not wanting to form grand alliances either but OpenID didn’t exactly takeoff and if it wasn’t for 1Password I don’t know how I would navigate the internet, having a user account on every service is a big problem that someone needs to solve.
5) At the Noun Project we launched with only 2 choices: login with Facebook or do the standard deal. The results have been staggering. Over 50% of users have chosen the easy route. Login with Facebook. It is not perfect but it seems to simplify signing up and logging in.
10.04.2012
kateperkins
This *may* be true of a service-based business such as Mail Chimp, but this is far from the case for any company that sells products online. The true benefit of logging in with Facebook is to get permission to view that user’s data. Then you know a tremendous amount about that user that allows you to serve tailored content. For example, if they know you are college educated from the north east, they may prioritize more expensive options in the search bar. If they know you like X Company’s facebook page and have shared two links from that page, they can prioritize X Company results in search results. So the login with facebook feature does not inherently provide this – there is considerable custom build work required to parse all that data – but the value is tremendous.
10.04.2012
Aarron MailChimp
Yeah, tremendous value to the company that uses social logins, but super creepy to your users.
10.04.2012
Connectionary
I tweeted something about this topic the other day, in which I was making a related case for commenting and such ‘surface’ interactions with sites/communities more open. Avoiding the need to integrate commenting and basic interaction around products and content allows more interaction and is a good thing–hence social login buttons and OpenID and so on. Most would view eliminating the need for signing up to post comments as a good thing.
Commenting systems can be served up with different databases and completely isolated from content and any secure log-in for a community or application use that should be/is reserved for registered users. Social login buttons and OpenID are just the thing for that.
Take this blog. Commenting in blogware (or any CMS for that matter) ought to be completely independent of and separated from the app managing the critical data. We just don’t see that because that’s just not what’s been done. How hard is it to simply hook in a module that doesn’t allow a compromised commenting system to in any way deal with the data in a webpage? You secure it as any other system would be. Import comments through iFrames into the bottom of pages, whatever…there are dozens of ways you could do it.
That is an appropriate use for social login buttons/methods and protects critical infrastructure. The big upside is allowing greater engagement and conversation/interaction around content. Why lose X comments and user interactions which might in turn create Y responses leading to an increase of Z% in page views, ad displays and revenue because someone was required to login via some cumbersome mechanism and didn’t?
Social login is a good thing. Unhealthy dependencies in your business model is not. It’s not the login method itself that is flawed, but the application of it by not creating a scaled level of user interaction/registration. We scale users within the critical application but make no allowance for the new aspect of the social web’s surface interaction which needn’t be integrated or critical to our content/app, but offers a lot of potential upside.
On the unimaginative side, you can run comments with SQLite and iframes, basic security/script sanitizing just like you would create if you were using integrated forums/commenting system…and just let the queries run parallel to the app/site rather than as integral to it. Just making use of the same basic idea/principle behind services like Disqus, you see?
Surface interactions should encourage greater engagement. They’re essentially people wanting to interact with your content, company, community, but in small bits rather than creating yet another account just to comment or download something you’re giving away anyway (yes, we’re all becoming harder to engage the bigger the Net gets). Instead of fending them off, publishers/companies need to dig into that old school toolbox and revive the idea of ‘sticky’ and let those surface interactions occur between registered users (who should have some higher level of integration and content access, obviously). Greater activity and thus eyeballs on target creates yet more chances for engagement and converting surface interactors into registered users of your community or customers of your service/app. It also means more engagement value for registered community members by reinforcing the value of where they are if people are coming to engage the community, and giving them access to ideas, views, info, resources and media that non-members might choose to share.
Don’t throw the baby out with the bathwater because you didn’t provide a wash basin AND a suitable crib for that new customer that will one day grow up. Or, whatever appropriate analogy you want to come up with…
Just saying…there’s data for and against doing what was done. I’m always in line with sticking to what makes a company unique, but that there are ways to do that without making things a burden on users in a way that might cost you existing users and alienate you from potential users.
10.04.2012
Karin
Great post – this data is good stuff!
10.04.2012
Jemini Doobrick
Social buttons are not secure but the username enumeration is secure? Facebook and Twitter have big security teams because they are big targets. Have you looked at the increased use of password managers like LastPass and KeePass? That more likely explains the decrease in failed attempts. Correlation does not imply causation.
10.04.2012
Aarron MailChimp
Though password managing apps may help improve login stats, it’s very unlikely that within 1 month, at the exact same time we made other changes to the login page, 240,000 users decided to start using a password manager and decreased our login failures. It’s a pretty safe bet that the changes we made had some influence there.
10.05.2012
Jemini Doobrick
I would be interested to see the stats for June 6 to June 12. On June 6 LinkedIn was compromised. There was lots of news about changing passwords, using a password manager, etc. I suspect you had a lot of password resets during that time. The timing seems perfect to support this theory. I don’t doubt that the changes help, but at what security cost? It’s not that hard to confirm any username now.
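The enumeration point above comes down to one question: does the login failure message depend on whether the username exists? The following is an added example, not MailChimp’s code or anything from the post, with a constructed in-memory user table and a single user `alice`. `login_verbose` answers differently for an unknown username and a wrong password; `login_uniform` returns one message either way and runs the same password-hashing work on a miss as on a hit, so neither the text nor the response time confirms a username. `response_distinguishes_users` is the review check that tells the two apart.

```python
"""Added example: login error wording and username enumeration.

Everything here (user table, messages, iteration count) is constructed for
illustration; it is not the application code the blog post describes.
"""
import hashlib
import hmac
import os

# Iteration count kept low so the example runs quickly; production code
# should use a much higher work factor.
PBKDF2_ITERATIONS = 20_000


def _hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


# Constructed sample user table: username -> (salt, password hash).
_ALICE_SALT = os.urandom(16)
USERS = {
    "alice": (_ALICE_SALT, _hash("correct horse battery staple", _ALICE_SALT)),
}

# Dummy credential so that a lookup miss costs the same hashing work as a hit.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("placeholder-never-a-real-password", _DUMMY_SALT)


def login_verbose(username: str, password: str) -> tuple[bool, str]:
    """Leaky variant: the failure message reveals whether the username exists,
    and an unknown username returns without doing any hashing at all."""
    record = USERS.get(username)
    if record is None:
        return (False, "Sorry, that username doesn't exist.")
    salt, stored = record
    if hmac.compare_digest(_hash(password, salt), stored):
        return (True, "Welcome back.")
    return (False, "Wrong password.")


def login_uniform(username: str, password: str) -> tuple[bool, str]:
    """Hardened variant: one failure message, and the same PBKDF2 work
    whether or not the username is in the table."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matched = hmac.compare_digest(_hash(password, salt), stored)
    # The dummy record must never authenticate anyone, hence the extra check.
    if matched and username in USERS:
        return (True, "Welcome back.")
    return (False, "Incorrect username or password.")


def response_distinguishes_users(handler, known_user: str, unknown_user: str) -> bool:
    """Review check: True if a wrong password yields different failure text
    for a real username than for a made-up one, i.e. the handler leaks existence."""
    wrong_password = "definitely-not-the-password"
    _, msg_known = handler(known_user, wrong_password)
    _, msg_unknown = handler(unknown_user, wrong_password)
    return msg_known != msg_unknown


if __name__ == "__main__":
    for name, handler in (("verbose", login_verbose), ("uniform", login_uniform)):
        leaks = response_distinguishes_users(handler, "alice", "mallory")
        print(f"{name}: failure message reveals username existence = {leaks}")
```

The uniform message is the part the post’s copywriting change trades away; the same review applies to every other place the username is accepted (the password reset and username reminder flows, account lockout notices), since a uniform login message helps little if the reset form still reports “no account with that address”.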
10.06.2012
Suresh Patel
Yes, I think social login buttons are worth having for every website. It saves users time in the registration process.
10.05.2012
Susan Silver
I am going to have to quote this article soon. I love that better copywriting saved the day. Some clients think that all I do is make content for search engines. They don’t see how clear communication increases customer satisfaction.
10.06.2012
Vicky Chijwani
Since you guys clearly care about UX, do everyone a favour and increase the contrast of the text on your blog. It’s uncomfortable to read, and I’m just a 20-year-old with healthy eyesight. Imagine the frustration of older people, or those with weak eyesight.
10.07.2012
Alexandre Plennevaux
Thanks for the interesting case. There is a middle way that you seem to have overlooked: only use ONE social service. This way, the user doesn’t have to remember which one he used to create his account in the first place. We took that decision with a customer of mine and no one complained (we stuck to FB and dumped G+ and Twitter, not that popular with their target audience).
10.09.2012
Sebastian James
What if in the first place, you would have used smaller buttons, and placed them below the fields?
10.10.2012
Michael Dick
My start up saw a 20% increase in sign ups once we introduced a non-social sign up process. We saw a similar bump once we hid the social alternatives, too. Our data showed us that people didn’t want social logins.
10.13.2012
Robin Singh
Nice post and well written. Also, all the comments are as expected. Not everyone would agree with all the points mentioned in the post. So why not have both features? Since you want your brand to be prominent, then so be it. But also have an option for people/customers who love to log in using the social button.
Just show a small button which says “login with other means” and on click slide in a panel with all the options.
The CEO is happy as we are not showing the icons straight away on our page, and customers are happy as they still get an option to get into their app in the easiest way.
10.16.2012
Florian
OK, so here’s the thing.
Twitter Login:
“This application will be able to:
Read Tweets from your timeline.
See who you follow, and follow new people.
Update your profile.
Post Tweets for you.”
Wait what? Update my profile and post tweets for me?! Hell no. I just wanted to comment here. WTF is that shit?!
Facebook login:
“Who can see posts this app makes for you on your Facebook timeline:”
Wait what the fucking fuck? Post on my timeline? Why what I don’t even wtf? Seriously?!
So that’s in a nutshell why I don’t use twitter and facebook to sign in. If available, I use google, because they at least just hand out my email address and don’t offer random websites to wreck my social profiles.
11.03.2012
reena
The bottom line for me is simply this: I do not like being told that my only choices (in order to post or login) are to sign in via social media. I realize that is not the case with your site, but it is becoming the norm with many sites, and I am perplexed as to why other companies don’t understand how that might affect readers and contributors. Thanks.
02.06.2013
Harm Jan Luth
I think your biggest problem is the “Require capital and number”. You are forcing users to use a password which they might never have had before. Longer = stronger.
02.11.2013
samparmenter
Do you want to NASCAR-up your login page?
You don’t have to use their logos and you have the choice to design your own versions that style with the rest of the site.
Do you want to have your users’ login credentials stored in a third-party service?
Facebook and twitter are not going anywhere and are more likely to be here in a few years than mailChimp.
Do you want your brand closely associated with other brands, over which you have no control?
Social login buttons are everywhere. No one associates your company with Facebook or Twitter. Honestly, I would love it if people thought I was anything related to Twitter or Facebook. I don’t know how good your security team is, but I would wager that Facebook and Twitter have a better one.
Do you want to add additional confusion about login methods on your app?
Again, these buttons are everywhere and people know what to do with them.
I am sorry but this just reads like a CEO being a dick and forcing users to adhere to his own views. If your CEO is forcing you to implement features based on no more than their say so, you have issues.
Can you also explain a bit more about your statistics on users logging in via the social buttons? Am I being a bit thick, or are you entirely misreading the number of users that auth via Facebook and Twitter? The idea of using Twitter and Facebook to auth users is to avoid them having a million different accounts on a million different websites. So is that 3.4% of new users to the site, or is that 3.4% of all users to the site? If it’s out of all users then 3.4% is fantastic.
People who already have a username / password would naturally use that to log in rather than doing it via social auth. I know this all sounds rather negative, but your post simply reads like someone looking to justify a poor decision they have been forced into. For every flaky reason you give for dropping them, there are two reasons for keeping them.
02.13.2013
Nick Donnelly
This is an unfair look at these buttons.
Of course you only had 3% of logins with social as you only allowed 1 month for social login. All existing users would already have a non-social login and would just login with that.
Also, MailChimp isn’t a typical service that users might want to test to see if they want to use it.
People ‘get’ email newsletters. They may well not ‘get’ a new service, and might only bother to test it out if they can signup quickly and effortlessly.
Almost any new website would fit into the latter. So while your post does apply to MailChimp, it wouldn’t apply to most websites, especially new ones.
03.20.2013
Michael George
Ironic that I just used Facebook to post here… I think this article is ridiculous and so is the CEO. When given the choice, I’ll always login with Facebook or Google+. It wouldn’t affect my failure rate, because I’m fairly responsible with passwords. But it would affect my happiness rate if I didn’t have to open my password vault each time I visited a website.
03.20.2013
Pippa
I never log in with a Facebook button — who knows what information is being shared back and forth, and I definitely don’t want to associate my professional activities with my social ones. I think the buttons make a site look cheap and unprofessional. For a blog, or comments, fair enough, but not for a serious business product.
04.04.2013
Nurettin
It’s interesting that taking ads, which is what putting the brands of other products on top of your product basically is, makes your application 3.4% easier to use. Weird age we live in.
On the other hand, you could also display your password validation criteria on the page in order to help people remember what they had to change in their passwords.
05.17.2013
Will Haynes
Speaking of login workflows, I notice that after a user resets his password, he must then still log in with that new password.
Does this add any additional security? Whoever is trying to log in obviously just successfully reset the password. They’re going to be able to log in regardless. Why make them physically type their username and password a third time?
06.16.2013
Carl
I’m not a fan of social login. My social media accounts for being sociable, not for authentication.
What would have happened if years ago everything was “log in with MySpace?” all those people who left MySpace, would then be forced to manually create a new account.
Facebook won’t be around forever, Twitter won’t be around forever. Hell even MailChimp is unlikely to be around forever.
07.08.2013
Matt
My Apple password has special characters in it, and so does every other site I use apart from one or two. The complexity of your password really isn’t the issue here; it’s literally as simple as what this blog proves: error messages need to be more informative! I have around 9 email addresses in total in use, and if it just says username or password wrong, it’s a minefield to get it right.
Facebook actually forces you to hand over all the details you state when you sign in with Facebook, not selectively as you put it. Your default information and anything you share publicly is forcibly authorised by the API. This includes your email address used to sign in, user ID, friends list, DOB, gender etc. You cannot deselect any of these as it is built into your basic information; this information doesn’t need your permission, and a sign up form can automatically populate this without you needing to authorise the app (Spotify is a good example).
Getting rid of password fields is never going to happen. If anything, as security improves more and more places will opt for 2-stage authentication which will require a password and a PIN, such as your bank or Google. If anything, people just need to be more careful when signing up to websites and use passwords that they can actually remember. There is also nothing wrong with writing a password down, as long as it is stored securely.
If anything, users can use services like 1Password or something similar if they dislike passwords and filling in forms that much; even browsers fill in forms and passwords for you. That’s another choice for the user without all the Facebook and Twitter branding thrown about everywhere.
10.02.2012
H.
If you remove the password fields, what happens to people who don’t want to link their facebook or twitter? Or don’t have one? Do they just get locked out?
10.05.2012
Caleb Donegan
Haha I was just going to post that.
10.02.2012
William Furr
I like your reasoning. I also don’t think login failures that result in an email request are a bad thing, necessarily. Sometimes I treat those as “one-time use” passwords and never bother to make a real one that I can remember.
Also, amused by the twitter and facebook buttons just below the post. And here’s another reason to not have buttons like that:
This application will be able to:
Read Tweets from your stream.
See who you follow, and follow new people.
Update your profile.
Post Tweets for you.
No thanks. I’ll just make a stupid account or something. I don’t want anyone posting tweets or following people for me.
10.03.2012
lolzor
BAAAAAM
10.03.2012
booshstudios
@coolpowers ba-zing! ahahaha!
10.03.2012
Ningning Niumai
My first thought too. I went LOL as soon as I hit the bottom paragraph :P
12.07.2012
Aarron MailChimp
Thanks for the kind words, Jeffrey.
10.03.2012
Ben MailChimp
[LIKE]
10.03.2012
Aarron MailChimp
@whale +1 to the issue having shades of grey. For us, it’s much more concrete, but for personal apps the benefits may out weigh the costs. The point here is it’s healthy to question the power we’re handing over to other systems.
10.03.2012
Ben MailChimp
@JoeGallagherIV Deep thoughts. I like it. From a branding perspective, you’re probably giving us a little too much credit. Sometimes, it’s just hard launching something new, so you gotta give it a cool name and cool, stealthy skunkworksy logo to get the creative juices flowing. It also gives everyone permission to approach problems in new ways. And sometimes our design team just wants to do something different from the every day happy-go-lucky stuff in MailChimp.
When I was really young, I got a tour of the Hallmark cards HQ, and got to meet all their designers and artists. I was impressed by how nice and cool and professional they all were. Then one of them gave me a copy of their “underground comic book” (I guess he heard I was an aspiring artist) where their designers could go nuts and draw cartoons of whatever they wanted. This was the complete opposite of what you know about Hallmark. Some of it was seriously demented for a little kid to see. From that experience, I learned to give creative people some proper room to try new things. :-)
They say a lot of those “Um…no” ideas at Hallmark led to the creation of Shoebox Greetings.
So that’s where the Mandrill brand came from. Us tinkering. Not so much planning.
The tie-in with MailChimp’s login was acciden—um, serendipitous. We fully expected two distinct audiences that would rarely overlap. We even anticipated migration, at some point. So the apps were built to be very, very separate. What happened was, during private beta, a bunch of MailChimp customers asked for really strange, surprising, uniquely-MailChimp features inside of Mandrill, which made us evolve the relationship between the two products slightly. People expected the MailChimp infrastructure and delivery expertise to be somewhere in Mandrill’s DNA. So turns out, linking the two brands via login made sense for business, and for setting that expectation. Linking MailChimp to Facebook or Twitter didn’t, imho.
10.03.2012
Ben MailChimp
Yep. I think it’s safe to say that almost *all* our customers use MailChimp for business. That’s how we’ve thought of ourselves, at least. We have another service called TinyLetter, which is more for personal use, and has more overlap with social networks. That’s a place where I’m very open to using Twitter and Facebook logins. Much better fit there than MailChimp.
10.03.2012
JoeGallagherIV
The transparency of the Mailchimp organization never ceases to amaze me. I never got the Hallmark tour, but their book “Orbiting the Giant Hairball” was a favorite a few years back. http://www.amazon.com/Orbiting-Giant-Hairball-Corporate-Surviving/dp/0670879835 Keep kicking ass over there.
10.04.2012
Ben MailChimp
Amen to that!
10.05.2012
bao
This is the social web, my boy.
10.18.2012