Transactional sign-in/sign-up journeys have existed since the beginning of e-commerce. But, even after 20 years, we keep making mistakes. Most of the time, these are determined by the platform of choice or the user's preferred experience. There is debate on the Internet about whether a company's decision is correct, user-friendly, and compliant with security policies.
The sign-in/sign-up (SI/SU) process is an important hurdle that users must overcome in order to use the services you provide. A poor SI/SU journey results in a major drop-off and a terrible experience.
Today, we will aim to eliminate those by establishing a set of simple guidelines that should be followed in all your sign-up/sign-in journeys. Let's start with a simple sign-up and registration process. When we get to sign-in in the middle of another action, things get a little more complicated.
To create an account, all you need is a name, an email address, and a strong password. A phone number would be useful if you have a strong SMS marketing presence, but don't make it mandatory. You will be able to get it later.
If your sign-up form is longer than two pages, you will see a significant drop in sign-ups.
Each required field should be highlighted with a check mark. Although using * to indicate that something is needed is ineffective, labeling something as (optional) is preferable to leaving it unmarked. Mandatory elements should come first, followed by optional elements.
Field grouping and identification must be done correctly.
From an HTML point of view, make the input fields uniquely identifiable (via the autocomplete standard) to help the browser auto-populate the data.
The guideline should be to indicate the strength of the password, but not prevent the user from joining if the password is not in the normal range. The logic is simple: requiring customers to create a new password increases the chance that they will forget it and leave the site the next time they need to access it.
The most frustrating input forms are those that require you to fill in all of your details before errors are displayed in a list at the top of the form, while the password you typed is lost ("security").
Human-friendly errors are a great way to keep people from abandoning your project.
Most inline form validation makes the mistake of validating as I type. It works like this:
Instead, you should use the following:
Wait for OnFocusOut on the field.
Verify the data in the field.
If there is an error, point it out, but don't move focus to the field. (Don't interrupt the flow of the user while filling in the form.)
Check on each onkeyup when the user has focus on the error field (and the field is not empty). If the field is valid, turn it green (but do not attach a message to the input box that replaces it).
As a result, any ugliness with validation should be avoided.
Don't block people from accessing their accounts just because they didn't click on the link you sent, unless there is a business need. This is especially true in e-commerce, where sites are not required to verify email addresses. You can always block user-facing activities for online products until the email is confirmed.
I've noticed that sites allowing you to verify your email for 3-5 days have a lot of drop-offs. Once the user has accessed the portal and is ready to take action, it is better to request verification.
If a user inputs an email address that already exists in your database, don't just tell them it exists. That's the end of the road. Give the user a reason for the action and a choice:
Allow users to recover from any errors they encounter!
Sites that take the user directly to the login page are terrible! The user was looking forward to a thank-you note for joining, and instead they are faced with a new form. It is a horrible experience!
If possible, try to verify the email inline. This saves the user from filling in the remaining fields.
Security Note: I understand it's silly to give a black hat an API to check whether emails are in your database, but if you're careful about it, using throttling, it can be done. You save users the pain of getting lost on the journey, and you can add a device fingerprint layer to limit the number of calls made across multiple consumers.
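One way to throttle the inline email check described in the security note, shown as an added example that is not code from the original article. The function names, the limits, the `fingerprint` field and the 429 response are assumptions made for illustration.

```javascript
// Added example (not from the original article). All names and limits are hypothetical.
// Sliding-window throttle for an inline "is this email already registered?" check.
function createEmailCheckThrottle({ limit = 5, windowMs = 60_000 } = {}) {
  const hits = new Map(); // key -> timestamps (ms) of recent attempts

  // A request is allowed only if BOTH its IP and its device fingerprint are
  // under the limit, so rotating one identifier does not buy a fresh budget.
  return function allow(ip, fingerprint, now = Date.now()) {
    let ok = true;
    for (const key of [`ip:${ip}`, `fp:${fingerprint}`]) {
      const recent = (hits.get(key) || []).filter((t) => now - t < windowMs);
      if (recent.length >= limit) ok = false;
      // Denied attempts are recorded too, so hammering keeps the client blocked.
      recent.push(now);
      hits.set(key, recent.slice(-limit)); // bound memory per key
    }
    return ok;
  };
}

// Handler sketch: `registered` stands in for the user database lookup.
function checkEmail(req, registered, allow, now = Date.now()) {
  if (!allow(req.ip, req.fingerprint, now)) return { status: 429 };
  const email = String(req.email).trim().toLowerCase();
  return { status: 200, exists: registered.has(email) };
}

// Constructed sample data: one client sends five checks within one second.
const registered = new Set(["alice@example.com"]);
const allow = createEmailCheckThrottle({ limit: 3, windowMs: 1000 });
const client = { ip: "203.0.113.7", fingerprint: "fp-1", email: "Alice@example.com" };
for (let t = 0; t < 5; t++) console.log(t, checkEmail(client, registered, allow, t));
```

The in-memory map is per process and never evicts idle keys; a deployment with several application servers would need a shared store with expiry.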