I’ve been wrangling with user registration for years, partly because it’s an interesting time sink and partly because it’s annoying when it’s wrong. Plus, when you start building almost any application in this day and age, you need some form of user registration. The basic systems these days are:
- Username and Password (e.g. Yahoo, Google)
  - Key signup form elements: Username, Email, Password, Captcha
- Email address and Password (e.g. Facebook, LinkedIn)
  - Key signup form elements: Email, Password, Captcha
- Pure Facebook Connect (or Google Connect, etc.)
  - Key signup form elements: Big Facebook button
- Hybrid systems
  - ..topic of discussion…
Fundamentally, username+password and email+password are just variants of each other, really coming down to how you are known on the system (unique handle “johndoe77” vs. real name “John Doe”). Both systems will typically send you an email asking you to confirm your email address, and they always have a Captcha, since the spammers are going to bully you into submission if you don’t. It’s really hard to innovate in this space; it’s just a matter of getting the implementation right, but I’ve built four or forty of these in the past.
The new kid on the block is the Facebook Connect, Google Connect, OAuth/OpenID systems. The happy part is that as sites start implementing these systems we can stop having to type our passwords into site after site after site (do you really make unique passwords?!). The challenge is that as a service you still want to have a connection with your user. Things I’ve noticed:
- Google gives you email address easily (thanks guys)
- Facebook gives you a handle to email address and prompts for permission (so-so)
- LinkedIn, you’re just a pain on this front. I want a relationship with your user, not just some handle to use your funked up messaging platform.
- Twitter/Yahoo – data exchange is a pain.
Back to owning our user! It’s easy to own the user if they type a password; it gets progressively harder when we start using the Open provider marketplace to have the user.
Why should you care? Because users are your biggest asset! If you don’t realize that, you’re not thinking hard enough. The cost of customer acquisition is $X in this day and age, while the cost of marketing to a known user is a fraction of $X (say 1/10th). That means that if you have a service and spent $100 on Google AdWords to find customers, the cost to market a new product to them is $10 rather than $100. Plus, hopefully you don’t have to re-train them, so your support costs are lower.
That brings me to my last world view of customer registration: hybrid registration. No, I don’t have a quick example deployed at the moment (currently in alpha). The basic premise is that you ask for the basics up front:
- Email address
But now, instead of the classic “captcha” page, you hit them with the Facebook Connect/Google Auth page to confirm their account. The complexity of getting this working is slightly higher than the Captcha, but the advantage is that, in addition to having about the same barrier as a Captcha from a spam protection standpoint, you also now have a secondary form of authentication and potentially access to very useful data about your customer.
- Full Name
While you’re probably a smart service and don’t hit the customer over the head with “spam your friends”, what you can do is save this away for later use: when “Sally Smith” joins, you notice that “Tom Jones” is a friend of hers and you can point this out in “Suggested Friends”. Sally just thinks that you’re a smart service (maybe goes “how did they know that”) but you’re really using the information for their own good.
The second benefit is that since you’re still running a user through a classic registration flow, you’ve got an email address to conduct future marketing to. But not just that: you’ve also now got a guaranteed second touch with the customer. Why’s that important?
- Your first touch was getting them to sign up and confirm their account; because they connected a social network to their account, we’ve got a high confidence that it’s a real user.
- Your second touch is the confirmation email, which the user will now open 30 minutes to a day later, and where you can remind them of all the cool things they should be doing with your service.
- Your third touch is the message you send in three to seven days thanking them for signing up for your service and potentially looking at some of their recent behaviors on the site to determine some simple bucketing of their behavior to help send an appropriate message.
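The hybrid flow described above (email up front, a social-login confirmation in place of the captcha, then the confirmation email) as an added example, not code from the original post or from any deployed system. The class, its method names and the token lifetimes are hypothetical, and the provider's own OAuth exchange is assumed to have already produced a provider name and a stable user id.

```python
import hashlib, secrets, time
# Added example: every name and both lifetimes below are hypothetical.
STATE_TTL = 600        # seconds the social-confirmation step stays valid
EMAIL_TTL = 7 * 86400  # seconds the emailed confirmation link stays valid

def _digest(token):
    # Keep only a hash, so a leaked token table holds nothing redeemable.
    return hashlib.sha256(token.encode()).hexdigest()

class HybridRegistry:
    def __init__(self, clock=time.time):
        self.accounts, self.pending, self.links, self.clock = {}, {}, {}, clock

    def _issue(self, email, purpose, ttl):
        token = secrets.token_urlsafe(32)
        self.pending[_digest(token)] = (email, purpose, self.clock() + ttl)
        return token

    def _redeem(self, token, purpose):
        # pop() makes each token single-use, even when it is rejected below.
        entry = self.pending.pop(_digest(token), None)
        if not entry or entry[1] != purpose or entry[2] < self.clock():
            return None
        return entry[0]

    def start(self, email):
        """Step 1: take the email, return the `state` for the social redirect."""
        email = email.strip().lower()
        self.accounts.setdefault(email, {"social": None, "email_verified": False})
        return self._issue(email, "social", STATE_TTL)

    def confirm_social(self, state, provider, subject):
        """Step 2, in place of the captcha: the provider callback echoes `state`."""
        email = self._redeem(state, "social")
        if email is None:
            return None  # unknown, replayed or expired state
        acct, ident = self.accounts[email], (provider, subject)
        if self.links.get(ident, email) != email or acct["social"] not in (None, ident):
            return None  # identity belongs elsewhere, or account already linked
        self.links[ident] = email
        acct["social"] = ident
        return self._issue(email, "email", EMAIL_TTL)  # sent in the confirmation mail

    def confirm_email(self, token):
        """Step 3: the emailed link proves the user controls the mailbox."""
        email = self._redeem(token, "email")
        if email is not None:
            self.accounts[email]["email_verified"] = True
        return email is not None
```

Binding the social callback to a single-use `state` keeps one visitor's social confirmation from being attached to another visitor's pending signup, and refusing to relink an account that already has a social identity stops a later signup attempt with the same email from replacing it.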
If you feel like I jumped from Hybrid authentication to customer contact, you’re right. But fundamentally, as I’ve played with user authentication, built a variety of systems and looked at the long term value of that customer, my mindset has evolved into these tenets:
- Own your user — don’t give them away
- Enable them to log in with a variety of systems — lower the barriers
- Keep the lifetime value of your user in mind
Hybrid authentication is the way to go!