Product: Authentication & Registration

Rebecka Z edited this page Apr 20, 2018 · 1 revision

MVP Requirements (per @thescurry) last updated August 01, 2017

  • Solution should be very mobile friendly
  • Needs to be more secure than passwords
  • Should be very easy to understand and use for TR users
  • Needs to help reduce trolls/bad users (for example: a phone # being a requirement reduces the number of accounts someone with ill intentions can create)
  • Should be a low-cost solution. (Auth via SMS at scale can be very expensive, are there better options available out there?)
  • Solution should scale for the long term.

Per @bengtan's feedback

I'd like to point out that there's registration and there's authentication. We're currently using Digits for both but they can be two separate things.

So we could split it out like thus (speculative):

Registration

  • Solution should be very mobile friendly.
  • Should be very easy to understand and use for TR users.
  • Needs to help reduce trolls/bad users
  • Should be a low-cost solution.
  • Solution should scale for the long term.

And then I would add:

  • Cross-platform
  • Moderately easy for staff to bypass so we can test onboarding flow

Authentication

  • Solution should be very mobile friendly.
  • Needs to be more secure than passwords
  • Should be very easy to understand and use for TR users.
  • Should be a low-cost solution.
  • Solution should scale for the long term.

And then I would add:

  • Cross-platform
  • Moderately easy for staff to have multiple accounts and pass accounts around

Auth via SMS at scale can be very expensive, are there better options available out there?

There are one or two I can think of (though none are perfect), but I'll mention them when we move from 'discovering requirements' to 'searching for solutions' phase.

Needs to be more secure than passwords (what a low bar to set)

I don't get this notion that passwords are insecure.

They can range from being very secure to being insecure ... it depends on the user.

Maybe you mean un-user-friendly? But even then, that depends on the user too.


@rz Product Goals:

  • Reduce as much friction as possible. If we do some sort of authentication, code verification should be up to 4 digits (not our current 6).
  • Perhaps implement a flow where users can tap on a link to enable verification (as an option)
  • Implement as much tinyrobot branding as possible so users understand what's happening (where it currently says sent from Twitter it should say "tinyrobot" instead)
  • Provide users with alternatives (or a way to reach out or troubleshoot) if they are unable to log in via a certain method of verification