-
Notifications
You must be signed in to change notification settings - Fork 120
Allow users to log in from the registration form even if they haven't provided their age #2778
Comments
I recall some people complaining that it was confusing, surprising, or likely a bug. I also seem to remember some yelling about security problems (not that I believe that). |
I agree with @ckarlof, this behaviour would be surprising to most users and I don't see much prior art for it in other websites. |
@rfk According to Datadog, 15% of logins originate from the registration form. Those users are more likely to be surprised to realize they were on a registration form than if they were just logged in. I can't think of a case where being automatically logged in is not the better experience. |
@ryanfeeley - why did we take this behavior out to begin with, do you remember? I'm neither for nor against the idea, but want to know why we changed the behavior once already. I admit that I'm not a fan of educating users that it's alright to sign in via a signup form. I am -1 on allowing the user to sign in if they have not entered COPPA info. The entire form should be valid or no go, otherwise we 1) teach users it's alright to enter invalid forms, and 2) we end up with a more convoluted state machine that must be debugged and maintained. |
I agree with @ryanfeeley 100% |
Against thisFor itDiscuss! |
FWIW, I regularly do this "sign-in-on-the-sign-up-page" myself, and the flow is pretty nice; I see that there was an error, but I can click straight through to the sign-in page and it has all my details filled out, I just click the "sign in" button. Granted, I do have a very rich mental model of what's going on, but that seems far from terrible to me. Call me -0 on the proposal. I could be convinced by prior art from other websites like the tumblr example above. There's also other edge-cases besides COPPA, e.g. what if someone picks "customize sync" on this form, should we try to action it for them even though it's not a new signup? |
FWIW, I'm not "against it" necessarily. I just stating that I recall the reason for us making it the way it is now is because some users complained that the previous magical behavior of signing them in on the signup form was surprising and confusing. I recall one person even thought it was a security problem. In the wise words of @ryanfeeley, sometimes "manual is better". |
This came up in the onboarding meeting as something that is very desirable for the iframed flow. |
Was it the Growth team that made the request? Another alternative is to use a single page for both sign in and sign up, like Persona. That'd get rid of the whole issue. |
And Google's new thing, where you just enter the email address and then it figures out what to do from there. |
Do I smell an experiment @vladikoff? |
Yes this comes up in the first run flow and I've made the mistake many times myself. What's especially frustrating about it is that the form understands what you've done wrong but refuses to do what you've meant to do instead. It forces you to work they way it wants you to work. So here's what happens:
|
@rfk @vladikoff Can we do it or experiment with it? It would be a nice courtesy for a double-digit percentage of logins. |
Me too. TBH I suspect we have a biased perspective on the pain of this experience, because we're constantly signing into and out of this thing. So yes, let's move it forward, but let's also be realistic about the priority of this work relative to other parts of the experience. I can parse several potential proposals out of the discussion above. In order of increasing delta from what we currently have:
@ryanfeeley after all the back-end-forth above, which of the above would you like to try moving forward with? |
@ryanfeeley - Can you outline all the success/failure modes? |
@shane-tomlinson How's this?
|
Thanks @ryanfeeley - just what I wanted to know! |
Can confirm that Pinterest allows users to log in via registration form which is as spare as ours. |
Moving this back to the next column but leaving my face on it because I have an in-progress branch. Although if anyone else wants to take it before I pick it up again, please feel free! |
@ryanfeeley, what do you think about maybe displaying some message on the settings page after an existing user has been signed in from the sign-up form for this issue? I'm wonder whether doing that would mitigate the surprise/confusion from @ckarlof's comment:
What do you reckon? |
@ryanfeeley, a couple more questions. Above, you mentioned that we should try to sign users in if the COPPA input is empty or invalid. I've made that change locally, but it leads to a strange flow:
This feels a bit funny to me, are we sure we want to let the user submit the form in this case? And if the answer is yes, do we want to consider make the label of the button dependent on the validity of the COPPA input, or is that too weird? (i.e. it says "sign in" when COPPA is empty or too young and "sign up" when COPPA is valid) |
@philbooth Can you clarify "Request fails"? |
@ryanfeeley sorry, I mean in the case where a user doesn't have an existing account, when that request to sign in fails. Does that explain it better? I guess the main reason I find it weird is from the perspective of what the code is doing, maybe it isn't that weird really. |
@philbooth If the user doesn't have an account, they are creating an account. If they leave the age empty, they should be notified that the age is required. If they are underage, they should not get that message. Is this what's happening? |
@ryanfeeley, yep that is what I'm doing at the moment. If you have wording for those two errors as well, that would be awesome. |
Epic work team. |
Up to 10% of our users start the process of logging in by inadvertently entering their credentials into the registration form. We should allow existing account to log in instantly from the registration form, even if they haven't provided their age in the COPPA pulldown.
The text was updated successfully, but these errors were encountered: