Social Media only login


(Daniel Hollands) #1

Do you think we’re at a stage where a web app could be built which doesn’t require its own sign-up process, but instead can rely 100% on social media login via OAuth?

I suppose this would depend on the app in question to some degree, but I think I’m more interested in the idea of user acceptance - i.e. are there going to be an amount of people that would refuse to use your service because they can’t sign-up with just an email address and password.

What do you think?


(Will Parker) #2

I think as long as you offered a couple of options and you weren’t building an app that needs to be 100% accessible.

I think across Facebook, Google and Twitter you could probably account for 95% of the UK internet users and if your app wasn’t likely to be used by over-50s I’d probably up that percentage to 99% coverage.


(Stuart Langridge) #3

There may be, and not just because they hate social media. My daughter is a very, very keen Facebook user, but won’t sign in to other apps with Facebook because she doesn’t trust them. See http://kryogenix.org/days/2013/08/12/federated-uncertainty/ for more detailed thoughts from a while back.


(Steve Jalim) #4

There’s also the simplicity argument against peppering a login screen with social media icons. This report from Mailchimp is getting old, but still makes a worthwhile point: keeping it simple helps.

Another thing to bear in mind is the ToS of the authentication provider - these can change and leave you in a bind, especially if you’ve slightly wedded your application to some of their data, which you’re no longer allowed to use.

Above all, though, the biggest pain I’ve encountered with social media login is the customer support overhead when you have more than one way to authenticate. Without using nasty tricks (supercookies or browser profiling) there is no way to remind an unauthenticated user which third party they use for your site (“Was it G+? Twitter? FB? Or maybe I DID set a password… Dunno”). This then ranges from time-consuming support email handling to annoying-and-time-consuming data cleanup if someone creates multiple accounts via different authentication providers.


(Andy Wootton) #5

Philosophical point: we need there to be trustworthy authentication providers. Each social network provider wants us to believe it is them and they’ll do it free. Most of them intend to profit from ownership of our social map. I believe this disqualifies them from being a trustworthy authentication provider and may mean that we will have to pay for the service that we want.

Social Networks will try to kill these organisations that are competitors for ‘their’ food. A cynical person would start up such a service to sell-out to the highest bidder so be careful who you trust. An ethical provider would have to put in safeguards to protect their future selves from greed.


(Daniel Hollands) #6

This is an interesting point. Without even realising it (until now) I have my own system for remembering what I’ve used where - this is mainly based on a simple hierarchy, i.e. out of the following list, I’ll use the first available service:

  • GitHub (only applies to tech tools - although what non-tech tool would use GitHub?)
  • Google
  • Twitter
  • Facebook
  • LinkedIn

That is, if a site offered all of the above, I’d go for GitHub, if it only offered Twitter and Facebook I’d use Twitter, if it only had Google and LinkedIn I’d use Google (you get the idea).


(Andy Henson) #7

I refuse to use anything that doesn’t let me just sign up with a username/email and password. Email has already proven itself a mainstay and seems unlikely to go anywhere in at least the medium-term future - I am also in control of my email and receiving it, so I am more assured that I can retrieve account details for services should I need to. All these social media services, whilst currently popular and starting to display traits of being around longer-term, overall it’s still early days. Anyone remember MySpace, etc.? Imagine if we’d started wedding our identity services to these. What happens if they disappear overnight? Suddenly you’re locked out of umpteen services with no real way to restore access. No thanks.


(Andy Wootton) #8

Yup but if we could get things right by implementing identity, social and notification right, with a set of open protocols that allowed distributed providers, email could ‘disappear’ as quickly as MySpace. It only continues to exist because we haven’t come up with anything open that is much better than an automated pony-express service yet.

MySpace died because it was taken over by an organisation that had more money than clue. Exactly the same could happen to Google, who bought our mail.


(Richard Cunningham) #9

Spotify required a Facebook login for all new accounts from 26 September 2011 to 30 August 2012 - I remember that being quite controversial.

For CleverRun and CleverGeo, I have no signup after you signup process, you are dropped right into the app - though these are a special case because they are essentially add-ons of the apps they support. I have considered not requiring a RunKeeper login for CleverRun. I don’t think anyone has complained about that, and few have praised how easy signing up is. One downside is, I don’t have anyone’s email addresses.


(Daniel Hollands) #10

For the project I’m working on now, I’m actually considering the idea of a guest account system. That is, as soon as a user clicks the button to get started, they’ll have a user record spun up in the database automatically. This will let the user use the app as if they were a full user, with no changes needed to associations, etc… and having removed the need for any sign up.

If the user deems the service useful, they’ll have the ability to convert it into a full account by adding their email address/password, otherwise, as soon as their cookies expire, so will their access to their stuff.

I’m not sure if this is a good idea, but it’s one that I’d like to explore, and I think should be a pretty good fit for what I’m working on.

The ironic (I think) thing about this is clicking on the [Login with RunKeeper] button, which redirected me to the RunKeeper login page - which itself I logged into via my Google account.
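The guest-account flow described in post #10, as an added sketch that is not code from any poster: a credential-less user row is created on first click, and converting it to a full account keeps the same row but replaces the session token, so a guest cookie that leaked earlier does not become a login to the upgraded account. The `GuestAccounts` class, its in-memory dictionaries and the PBKDF2 parameters are assumptions for illustration; cookie expiry is left to the cookie lifetime, as the post describes.

```python
import hashlib
import hmac
import secrets

def _kdf(password, salt):
    # PBKDF2-HMAC-SHA256 from the standard library; iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class GuestAccounts:
    """In-memory stand-in for a users table and a sessions table (hypothetical)."""
    def __init__(self):
        self.users = {}      # user_id -> {"email", "salt", "pw_hash"}
        self.sessions = {}   # sha256(cookie token) -> user_id

    @staticmethod
    def _digest(token):
        # Store only a hash of the cookie value, never the token itself.
        return hashlib.sha256(token.encode()).hexdigest()

    def _issue(self, user_id):
        token = secrets.token_urlsafe(32)
        self.sessions[self._digest(token)] = user_id
        return token

    def start_guest(self):
        # "Get started" click: a real user row with no credentials attached.
        user_id = len(self.users) + 1
        self.users[user_id] = {"email": None, "salt": None, "pw_hash": None}
        return user_id, self._issue(user_id)

    def lookup(self, token):
        return self.sessions.get(self._digest(token))

    def upgrade(self, token, email, password):
        # Same row keeps its associations; only credentials are added.
        user_id = self.lookup(token)
        if user_id is None:
            raise PermissionError("unknown or expired guest session")
        if self.users[user_id]["email"] is not None:
            raise ValueError("already a full account")
        salt = secrets.token_bytes(16)
        self.users[user_id].update(
            email=email.strip().lower(), salt=salt, pw_hash=_kdf(password, salt))
        del self.sessions[self._digest(token)]  # revoke the guest cookie
        return self._issue(user_id)             # fresh token for the full account

    def check_password(self, email, password):
        for user_id, row in self.users.items():
            if row["email"] == email.strip().lower():
                ok = hmac.compare_digest(_kdf(password, row["salt"]), row["pw_hash"])
                return user_id if ok else None
        return None
```
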


(Richard Cunningham) #11

I like the idea of a guest account system, I think it’s called gradual engagement in general. I think it’s a good way to get people on your app without forcing them to sign up (which many are reluctant to do).

Interesting, hope that works!

OT: RunKeeper have been very slow with their HTTPS support, to the point I have to host their image locally because they won’t serve it with HTTPS, despite claiming to be able to.


(Daniel Hollands) #12

Aye, that’s the bugger. I have no idea how successful it is - sounds like an A/B test (although, I’m thinking that would be a pain in the ass to make work).

Worked fine for me.